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Description 

BACKGROUND OF THE INVENTION 
s Field of the Invention 

[0001] The present invenflon relates to a distribution system realized by a service for distributing copyriglited digital 
material such as Electronic Music Distribution (EMD), a semiconductor memory card, a receiving apparatus, a compu- 
ter-readable recording medium and a receiving method. 

10 

Description of the Background Art 

[0002] A distribution system includes a distribution server, a device for purchasing contents, and a playback appa- 
. ratus for playing back contents, and. gives people living around the world the opportunity to purchase copyrighted mate- 
rs rial, via various global networks. If a personal computer owned by a user is used as the purchasing device, contents are 
purchased in tiis following way. The user operates the personal computer, and transmits a purchase request to the dis- 
tribution server. Upon receiving the purchase request, the distribution server bills the user, and then transmits the cop- 
yrighted digital material. The personal computer operated by the user receives the transmitted copyrighted material, 
and writes It onto the hard disk (HD). If writing is performed correctly, the purchase of the copyrighted material is com- 
20 pleted. 

[0003] The purchasing device performs processing called check-out and check-in. Check-out refers to the process 
of recording copyrighted material (a first-generation copy) onto a portable recording medium such as a semiconductor 
memory card or a mini disc. The number of times check-out is performed by the purchasing device can also be limited 
to a predetermined number, suoh as three or tour. If copyrighted material is recorded onto a portable recording medium 

25 using check-out, this copyrighted material can be played back using the playback apparatus. However; once check-out 
has been perfomned the predetennined number of limes, the copyrighted material can be set in e state in which check- 
out Is not permitted. Check-In, on the other hand. Is the process of returning copyrighted material recorded on a porta- 
ble recording medium to the personal computer. If check-in Is performed on a copyrighted material that has been set so 
that check-out is not pennitted, check-out of the copyrighted material becomes possible once more. Check-out and 

3D check-in are prerequisites for copyright protection , which prevents reduction in the copyright owner's profits. 

[0004] The following is a brief explanation of how copyright is protected when check-out and check-in are being per- 
formed. A unique identifier, called a Media-ID, is recorded in an area of the recording medium onto which a copy of the 
copyrighted material is to be recorded, the area being one that cannot be read by a normal user operation. When check- 
out is performed, contents are encrypted using the media ID unique to the recording medium. Thus, even if an lll-inten- " 

3S, tloned user copies contents that haye been checked out onto one recording medium onto another recording medium, 
the madia ID of the recording medium onto which the contents are copied differs from the media ID that was used to 
encrypt the contents (the media ID of the original disc). As a result, decryption cannot be properly performed, and cop- 
yright Is protected. 

W SUMMARY OF THE INVENTION 

[0005] The object of the invention is to provide a distribution system that provides a high level of convenience for 
the user, while protecting copyright, when a device manages the recording ot copyrighted material using check-out, 
check-ih and the like. 

4S [0006] Cun-ent distribution systems pose various obstacles to user convenience. Such distribution systems include 
the user's personal computer, as well as devices used as KIOSK tenminals in convenience stores, record stores, and 
stations. 

[0007] If the device used is a KIOSK tenninal, copyrighted material is purchased in the tollowlng way. First the 
KIOSK terminal prompts the user to provide a portable recording medium on which the copyrighted material is to be 
so recorded, such as a semiconductor memory card or a mini disc. Once this portable recording medium has been con- 
nected to the KIOSK terminal, and the necessary charge paid, the copyrighted material is downloaded from the distri- 
bution server and recorded onto the portable recording medium. Users of KIOSK terminals can thus easily acquire their 
favorite music while shopping or on the way to work or school. 

10008] If copyrighted material is recorded onto a semiconductor memory card by a KIOSK terminal, however, a 
55 device other than the KIOSi< terminal is not allowed to check-in the copyrighted material recorded onto the semicon- 
ductor memory card by the KIOSK tenninal. The reason for this Is as follows. Were check-in to be performed by another 
device, the copyrighted material on which check-in had been perfonned could be checked out three or four more times. 
If check-in by another device and dieck-out by the same device were to be repeated, a large number of first generation 
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copies would be made, and copyright protection made ineffective. Thus, check-iri by other devices is completely prohib- 
ited in order to prevent this l<ind of proliferation of first generation copies. 

[00091 As a result, a user who has purchased copyrighted material from a KIOSK terminal will not be able to enjoy 
the ability to perfonn check-out and check-in at home using a personal computer. The fact that a user who has paid the. 
5 required charge is not able to perform check-out and check-in shows a tack of consideration of the user and may reduce 
their desire to use KiOSK temiinais. 

[0010] In order to overcome the above problems and achieve the above object, the Inventors of thai present Inven- 
tion suggest that a Usage Rule, showing the right to manage the recording of copies of copyrighted material, be moved. 
In the Secure Digital Music Initiative (SDMI), this Usage Rule is called Digital Rights Management Information (DRMI). 

10 M anagement of the number of copy generations and number of times copies can be made during check-out and copy- 
ing is performed based on this Usage Rule. A distribution system that moves the Usage Rule, thereby achieving the 
above object includes a distribution server for distributing a content via a network, and first and second receiving appa- 
ratuses for receiving the content via the network, and records a copy of the content onto a recording medium in order 
to isupply the content to a playback apparatus. Here, the first receiving apparatus may include a first receiving unit and 

IS a recording unit. The fitst receiving iinit receives, vla.the network, a data set Including the content and control informa- 
tion controljing copying of the content onto the recording medium, and holds the received data set. The recording unit 
generates authorization information showing whether moving the data set to another receiving apparatus is permitted. 
Then the recording unit records the content onto a distribution medium together with corresponding usage rule informa- 
tion including (1) the authorization information, and (2) the control infonnatlon Included In the data set. Here, the second 

20 receiving apparatus may include a second receiving unit, a data set moving unit, and a check-out unit The second 
receiving unit receives the data set from the distribution sen/er via the network, and holds the received data set The 
data set moving unit reads authorization information from the distribution medium, and only when the read authorization 
infonnatlon shows that moving the data set Is permitted, (a) moves the data set from the distribution medium to the 
inside of the second receiving apparatus, and (b) holds the data set. The check-out unit performs check-out when the 

25 data set is held by one of the second receiving unit and the data set moving unit Check-out Is performed based on the 
control information in the held data set by generating a copy of the content included in the held data set and recording 
the copy onto the recording medium, the copy recorded onto the recording medium being supplied to the playback 
apparatus. 

[0011] A single device moves a content and a corresponding Usage Rule to two receiving devices, so that control 

30 of recording of a content and corresponding Usage Rule recorded onto a semiconductor memory card by a first receiv- 
ing apparatus (in the above example the KIOSK terminal) can be performed by a second receiving apparatus (here, a 
personal computer). Recording of copies of copyrighted materials recorded by the KIOSK terminal can be performed 
by the personal computer, so a user who has paid the appropriate charge to purchase a copyrighted material from the 
KIOSK terminal can perform check-out and check-in of the copyrighted material on their own personal computer. 

35 [0012] Here, the control Infomnation may indicate a number ol remaining check-outs. The check-out unit may 
include acornscting unit for connecting to a recording medium, and recording a copy of the content Included In the data 
set held by the data set moving unit onto the recording medium when a copy of the held content is not already recorded 
on the connected recording medium, and the number of remaining check-outs shown by the control infonnatton held by 
one of the second receiving unit and the data set moving unit Is at least one. Furthermore, the second receiving appa- 

40 ratus may Include a check-in unit and an updating unit When a copy of the content is already reconded on the con- 
nected recording medium, the check-in unit deletes the copy of the content recorded on the connected recording 
medium. The updating unit updates the control information by decrementing the number of remaining check-outs when 
a copy of the held content is newly recorded on the recording medium, and incrementing the number of remaining 
check-outs when the copy of the held content is deleted from the reconjing medium. In this distribution system, check- 

45 out performed by the second receiving apparatus can only be performed for the number of times shown by the control 
infonnation, so that check-out cannot be perfonned beyond the limit set by the copyright owner. This ensures that the 
profits of the copyright owner will not be unfairly reduced. 

[001 3] Here, the recording medium may have an assigned unique Identifier. The check-out unit may include an allo- 
cation unit and a storage unit The allocation unit allocates a unique identifier to the held content. The unique identifier 

so is recorded onto the recording medium with the content when chect<-out Is performed. The storage unit reads the 
unique identifier for the recording medium connected to the connecting unit from .the recording medium, and stores the 
read recording medium identifier as a pair with the allocated content identifier- Furthermore, the check-in unit may 
include a read unit a comparing unit and a holding unit When a copy of the content has already been recorded on a 
recording medium connected to the connecting unit, the read unit reads the unique identifiers for the connected record- 

S5 ing medium and the content The comparing unit compares the pair of identifiers read by the read unit with the pair of 
identifiers stored by the storage unit to determine whether the copy recorded on the connected recording medium was 
previously produced by the second recording apparatus. . When the copy was previously produced by the second 
recording apparatus, the-.holding unit reads the copy from the connected recording medium, holds the read copy, and 
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then deletes the copy from the recording medium. When ihe second receiving apparatus In this distribution systenn per- 
fornas checl<-ln, it determines whether the copy to' be checked-in is one that was previously checked out by itself, by 
comparing two palre of Identifiers, each including a recording medium identifier and content identifier. The second 
recording apparatus only performs qheok-in if the copy has been previously checked out by itself, so there is no danger 
of the principle that 'a device should not check-in a copy that has been checked out by another device' being ignored. 

BRIEF DESCRIPTION OF THE DRAWINGS 

[0014] These and other objects, advantages and features of the jrivention will become apparent from the follow/ing 
description thereof taken In conjunction with the accompanying drav/lngs which illustrate a specific embodiment of the 

invention. In the drawings; 

Fig. 1 shows a data structure of a copyrighted material; 

Fig. 2A shov^ a situation (1) In which a copyrighted material is recorded onto a recording medium without an 
accompanying encryption key and Usage Rule information; 

Fig. 2B shows a situation (2) in which a copyrighted material is recorded onto a recording medium without Usage 
Rule information; 

Fig. 2C shows a situation (3) in which a copyrighted material is recorded onto a recording medium together with 
Usage Rule information; 

Fig. 3A shows an external view of an SD memory card; 

Fig. 3B shows a hierarchical structure of an SD memory card 100; . . 
Fig. 3C shows a physical structure of the SD memory card 1 00; 

Fig. 4A shows a situation in which an Incompatible device is connected to the SD memory card 100 whose pro- 
tected area stores only an encryption key; 

Fig. 4B shows a situation in which a compatible device is connected to the SD memory card 1 00 whose protected 
area stores only an encryption key; 

Fig. 4C shows a situation in which a compatible device is connected to the SD memory card 1.00 whose protected 
area stores an encryption key and a Usage Rule, the Usage Rule including Move Control information authorizing 
data transfer; 

Fig. 4D shows a situation in which acompatlble device is connected to the SD memory card 1 00 whose protected 
area stores an encryption key and a Usage Rule, the permitted number of moves Included In the Usage Rule being 
0; . 

Fig. 5 shows a situation where a KiOSK terminal is installed in a station or store; ■ ■ 

Fig. 6A shows a situation in whjch encrypted data forming the copyrighted material, plain text data, an encryption 
key, and a Usage Rule are written Into the SD memory card 100 by a digital terminal 109 that Is a mobile phone; 

' Fig. 68 shows a situation in wrtilch encrypted data, plain text data, an encryption key and a Usage Rule forming the 
copyrighted material are written into the SD memory card 1 00 by a digital tennlnal 1 1 0 that is an STB; 

. Fig. 7A shows a variety of customer devices; 

Fig. 7B shows a variety of SD-Audio players; 

Fig. BA shows a server computer 103 and customer devices belonging to a plurality of users (personal computera 
1 1 1 to 1 1 6) connected to a network; 
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Figs. 8B and 8C show a situation in which the personal computer 1 1 1 performs check-out and check- in three times; 

Fig. 9 shows a distribution server included in a track distribution system related to the embodiments, a plurality of 
devices, and a playback apparatus; 

Rg. 1 0 shows a data structure of frtie and package for copyrighted data when distribution is performed; 
Fig. 1 1 shows a hierarchical data structure of a Default Offer; 

Rg. 1 2 shows files and directories formed to record a data iset for a copyrighted material; 
Rg. 13 Shows a hierarohicai structure of an AOB file; . 

Fig. 14 shows playback contents when each AOB and AOB block recorded In an AOS file is played back in 
sequence; 

Rg. 1 5 shows eight AOB files stored in a title (music album) shown in Rg. 14; 
Rg. 1 6A shows a detailed hierarchical structure of a Track Manager; 
Rg. 1 6B shows a detailed structure of a TKGl; ' ■ 

Rg. 17 shows the mutual relationship between TKIs and the AOB files and AOBs shown In Fig. 14; . 

Figs. 1 8A and 1 8B show the setting of TKIs when two tracks are combined Into one; . 

Figs. 1 9A and 1 9B envisage a situation when one track is divided into two; 

Fig. 20 shows clusters' 007 to OOE stored In an AOB formed from AOB_ELEMENTs #1 to #4; 

Fig. 21 shows an example; TKLPOB_SRP settings fortracksTK#1 to TK#4 included in the Track Manager; 

Fig. 22 shows the mutual relationship between Oefault_Playlist Information, TK1 s,- and AOB files; 

Rgs. 23A and 23B envisage a situation in which track order is changed; 

Rg. 24 shows the internal structure of 'STKI***.SDT; 

Rg. 25 shows Correspondences betwelen AOB#1 , A0B#'2, A0B#3', POBC01.SA1, and POB002.SA1 included In a 
. directory SD_AUPI0, ahdSTKIOOI.SDT, STKI002.SDT, and STKI003.SDT Included In a directory SD_ADEXT; 

Rg. 26 shows a structure of A0BSA1 .URM; 

Fig. 27 shows correspondences between AOBSA1.KEY, A0BSA1.URIVI, and AOB files, when the SD_AUD10 
directory contains eight files, eight corresponding encryption keys are recorded in AOBSAT.KEY, and eight corre- 
sponding usage rule entries are recorded in A0BSA1. URM; 

Rgs. 28A and 288 show correspondences between A0BSA1 .KEY, AOBSAI .URM, and AOB files; 
Rg. 29 shows an internal structure of a Title Key Entry; 

Figs. 30A and 30B envisage a case In whiph all audro objects in a user data area of the SD memory card 1 0O.are 
moved to the customer device; 

Figs, 31 A and 31 B show the files arranged in the use r data area of the SD memory cal-d 100 when only three of the 
eight audio objects in the user data area are moved; 

Fig. 32 shows how AOB files, POB files, and STKI files are moved from the SD memory card 1 00 to local storage; 
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Fig. 33 shows a structure of a digital terminal; 

Rg. 34A shows a structure of a customer device; 

s Rg. 34BshowsastructureofSD-Audio players 122 to 124; 

Rg. '35 shows an Internal Structure of a secure processing unit 26 In a digital terminal; ' 

Fig. 36 shows an Internal structure of a secure processing unit 38 in a customer device; 
10 ■ ■■ • 

Fig. 37 is a liowchart showing the procedure performed by a sales service control unit 27; 

Fig. 38 is a flowchart showing the procedure performed by a sales service control unit 27; 

75 Figs. 39 to 41 are flowcharts showing the procedure performed by a library control unit 37; 

Fig! 42 shows a directory structure of a protected area and user data area related to a second enibodiment; 

Fig. 43 shows a data structure of Extended Title Key Entry Included In P_AOBSAl .KEY; 

Fig. 44 is a flowchart showing the content of processing performed by the library control unit 37 when previewing; ■ 

and ■ ■ 

Fig. 45 shows a situation In which a copyrighted material is moved the permitted number of moves, when the per- , 
25 ■ mitfed number of moves is set at six. 

DESCRIPTION OF THE PREFERRED EMBODIMENTS 

[001 5] The following embodiment describes a distribution, system operated in accordance with the SDMI, SD-Audio . 

30 Verl.O standard, and SD-Audio Verl.1 standard. Note that devices compliant with the SDMI, the SD-Audio Verl.O 
standard, and the SD-Audio VerT .1 standard are known as compatible devices, and devices not compliant with any one 
of these standards as incompatible devices. Tlie SD-Audio Verl .0 standard enables copyrighted material to be 
recorded onto a recording medium so that special playback and editing of songs can be performed. In contrast, the SO- . 
Audio Verl .1 standard enables copyrighted material to be moved and previewed. 

35 [0016] Fig. 1 shows a data structure of a copyrighted material. The copyrighted material shown in the drawing is 
formed from encrypted data, plain text data, an encryption key used to encrypt the data, and a Usage Rule for manag- 
ing recording of the copyrighted material. Examples of encrypted data are MPEG-AAC (Moving Picturie Experts Grbup' 
Advanced Audio Coding) data, and JPEG {Joint Piiotographic Experts Group) still picture data, and an example of plain 
text data is navigation data controlling the reproduction of MP EG streann data and J PEG still picture data. Furthemrjore, 

40 the Usage Rule includes checkout authorization information showing the number of times that check-out is permitted, 
Move Control infomnation showing the number of times that movement of the copyrighted, material is permitted, and 
copy control information. Alternative situations occurring when the data set forming the copyrighted material is recorded 
onto a recording medium are shown in Figs. 2A to 2C. 

[001 7] Rg. 2A shows a situation (1 ) in which the copyrighted material is recorded on the recording medium without 
45 the Usage Rule, In this situation (1), the encryption key Is not present, so the encrypted data cannot be decrypted, mak- 
ing itimpossibie to play back the copyrighted material. 

[0018] Fig. 2B shows a situation. (2) in which the copyrighted material is recorded on ttie recording medium without , 
tha Usage Rule. In situation (2), both the encryption key and the encrypted data are present, so this recording medium 
possesses the rights to play back the copyrighted material. However, the Usage Rule for managing recording iE not 
50 present, so the encryption key and encrypted data of thlis copyrighted material cannot be recorded onto another record- 
ing medium. Note that In this specification the encrypted data and encryption key pairing that make up the body of the 
copyrighted material are also referred to^ as a content When the encryption key and encrypted data are recorded on a 
recording medium, this status is referred to as 'playback rights recorded'. 

[0019] Rg. 2C shows a situation (3), in which a copyrighted material including, a Usage Rule' is recorded on a 
SB recording medium. The rights for managing recording of the copyrighted material exist both on the recording medium 
and in a connected device, in situation (3), the situation shown in Rg. 2B can be created on another recording medium 
by performing check-out, check-in and the tike on copyrighted materials, in addition to playback, 
[0020] Next, a distribution medium that can store copyrighted materials securely is explained. In the embodiments. 
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an example of such a distribution medium Is a semiconductor memory card (hereatter refen-ed to as a Secure Digital 
(SD) memory card). An SD memory card 100 shown in Fig. 2C has the external structure shown in Fig. 3A, being 32.0 
mm long. 24.0 mm wide and 2.1 mm thick: about the size of a postage stamp, and small enough for a user to hold on 
the tip of one finger. The SD memory card 100 has nine connectors for connecting to a device, and a write protect 

5 switch 101 on one side, which can be set by the user to permit or prohibit ovenwritlng of recorded data. 

[0021] Fig. 3B shows a hierarchical stnjcture of the SD memGfy card 1 00. .As shown in the diag.ram, the hierarchical 
structure of the SD memory card 1 00 is formed from a physical layer that securely stores the data set forming the cop- 
yrighted material, a file system layer that is accessed based on a File Allocation Table (FAT, ISO/IEC 9293), with a clus- 
ter being the smallest unit of access, and an application layer storing encrypted data, an'ericryptlon key, plain text and 

10 a Usage Rule fomiing the copyrighted material. 

[0022] ng. 3C shows the structure of the physical layer of the SD memory card 100. In the drawing, the physical 
layer of the SD memory card 1 00 includes a system area 1 , a hidden area 2, a protected area 3," AKE processing units 
4 and 5, a Ks decrypting unit 6, a Ks encrypting unit 7, and a user data area 8. 

[0023] The system area 1 is a read-only area storing a media key block (MKB) and a media ID. The MKB and media 
IS ID stored in this area cannot be overwritten. Suppose that the SD memory card 1 00 is connected to a device, and the 
MKB and media ID read by that device, if the connected device correctly perfomis a specified calculation using a device 
key Kd held internally, it can obtain a correct encryption key Kmu. 

[O024] The hidden area2 stores the encryption key Kmu having the con-ect value, in otherwordsthe encryption key 
Kmu that should be obtained if the connected device performs correct calculation using the correct device key Kd. 

£C [0025] The protected area 3 stores an encryption key and a Usage Rule. 

[0026] The AKE (authentication and key exchange) processing units 4 and 5 perform mutual authentication 
between a connected device and the SD memory card 1 00 using the challenge-response method, verify the authentic- 
ity of the opposing device, and if the opposing device is invalid, stop processing.. If the opposing device is valid, however, 
an encryption koy (session key Ks) is shared by the device and the SD memory card 1 00. Authenlication performed by 

2S the device connected to the SD memory card 1 00 has three phases. First, in a tinst challenge phase, the device gener- 
ates a random number, encrypts the random number using the encryption key Kmu, and transmits the encrypted ran- 
dom number to the SD memory card 100 as a challenge value A. Then, In afirst response phase, the SD memory card 
1 00 uses the encryption key Kmu stored internally to decrypt the challenge value A, and transmits the decrypted value 
to the connected device as a response value B. Following this, in a first verify phase, the connected device decrypts the 

30 Challenge value A held internally using its encryption key Kmu, and compares the decrypted value with the response 
value B transmitted from the SD memory card 1 00. 

[0027] Authentication performed by the SD memory card 1 00 also has three phases. First, in a second challenge 
phase, the SD memory card 100 generates a random number, encrypts the random number using the encryption key 
Kmu, and transmits the encrypted random number to the connected device as a challenge value C. Then, In a second 
35 response phase, the connected device uses the encryption key Kmu stored internally to decrypt the challenge value C, 
and transmits the decrypted value to the SD memory card 1 00 as a response value D. Following this, in a second verify 
phase, the SD memory card 1 00 decrypts the challenge value C held internally using its encryption key Kmu, and com- 
pares the decrypted value with the response value D transmitted from the connected devkse. 

[0028] If the connected device uses an improper encryption key Kmu to perform mutual authentication, challenge 
40 value A and response value B in the first verify phase and challenge value C and response value D in the second verify 
phase will be judged to be non-matching values, and mutual authentication will be stopped. If the authenticity of the 
opposing devices is verified, however, the AKE processing units 4 and 5 calculate an exclusive OR of challenge value 
A and challenge value C and obtain the session key Ks by decrypting the exclusive OR using the encryption key Kmu. 
[0029] The Ks decrypting unit 6 uses the session key Ks to decrypt an encryption key and Usage Riile which has 
■45 already been encrypted by session key Ks and output from the connected device. The encryption key and Usage Rule 
obtained by this decryption are written into the protected area 3. 

[0030] ■ The Ks encrypting unit 7 receives a command from another device connected to the SD memory card 100 
Instructing it to read the encryption key and the Usage Rule, encrypts the encryption key and the Usage Rule stored in 
the protected area 3 using the session key Ks, and then outputs the encrypted encryption key and the Usage Rule to 

so the device that issued the command. 

[0031] The user data area 8 can be accessed by a connected device regardless of whether that the authenticity of 
that device has been verified, and stores encrypted data and plain text data, if the encryption key read from the pro- 
tected area 3 has a correct value, the encrypted data stored In the user data area 8 can be con-ectly decrypted, Reading 
of data from the protected area 3 is performed together with decryption performed by the Ks decrypting unit 8 and 

55 encryption performed by the Ks encrypting unit 7. Therefore, the protected area 3 can usually only be accessed by a 
connected devic,e when that device has successfully performed AKE processing. 

[0032] The following is an explanation of data obtained by a device connected to the SD memory card 1 00, the SD 
memory card 1 00 having a data set that constitutes a copyrighted material. ' 
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[0033] Fig. 4A Shows a first example, in whicii'an incompatible device is connected to the SD memory card 100. 
wliose protected are 3 stores only an encryption l<ey. In this case, tine encrypted data and plain text data stored in the 
user data area a can be read, but, since the protected area 3 cannot be accessed, the encryption key cannot be 
obtained. This situation Is identical to situation (1). Even though the device is connected to the SD memory card 1 00, It 

5 cannot obtain playback rights and so the copyrighted material cannot be reproduced. 

[0034] In a second example shown in Fig. 4B, a compatible device is connected to the SD memory card 1 00, whose 
protected area 3 stores only an encryption l<ey. This device can read the encryption key stored in the protected area 3, 
together with the encrypted data and plain text data stored In the user data area 8. This means that the compatible 
device can obtain playback rights, and play back the copyrighted material, However, a Usage Rule is not stored in the 

10 protected area 3, so the device cannot read a Usage Rule from the SD memory card 100 and is unable to obtain the 
righl to manage recording of the copyrighted material. 

[0035] In a third example shown in Fig. AC, a compatible device is connected to the memory card 100, whose pro- 
tected area 3 stores a Usage Rule and an encryption key. The Usage Rule includes Move Control Information showing 
that one move is permitted, so the connected device can read a copyrighted material con-esponding to the Usage Rule 

75 from the SD memory card 1 00 and store it on an intemalized recording medium. When the Usage Rule is recorded on 
the Internalized recording medium in the device, the copyrighted material exists both on the internal recording medium 
and on the SD memory card 100 and rights also exist in duplicate, so the connected device performs processing to 
delete the copyrighted material from the SD memory card 1 00. This deletion completes the transfer of both manage- 
ment rights and the copyrighted material from the SD memory card 1 00 to the connected device. 

20 [0036] In a fourth example shown in Rg. 4D, a compatible device is connected to the SD memory card 1 00, whose 
protected area 3 stores a Usage Rule and an encryption key The Usage Rule includes Move Control Information show- 
ing that the nurriber of permitted movas is 0, so the Usage Rule cannot be moved, and the connected device cannot 
obtain management rights. In this case, the copyrighted material on the SD memory card 100 Is treated as a 'master". 
When the permitted number of moves is 0, this indicates that the permitted number of moves was originally 1 or more, 

ss but that the copyrighted material has been moved to a device pne or more times, and the number of permitted moves 
decremented, until it has reached 0. 

[0037] This completes the explanation of the structure of the SD memory card 100. Next, a device used in EMD is 
explained. Such devices may be divided into four types: distribution servers, digital terminals (first receiving appara- 
tusas), customer devices (second receiving apparatuses) and SD-A.udlo players (playback apparatuses) 122 to 124. 
30 These types of device are explained in turn. A representative distribution server and digital terminals for this embodi- 
ment are shown in Rgs. 5 and 6, representative customer devfces are shown in Fig. 7A, and representative playback 
apparatuses are shown In Rg. 7B. ■ 

[0038] A distribution server 103 In . Fig. 5 stores a data set fonmed from a plurality of copyrighted materials, if the 
purchase of any one of the copyrighted materials Is requested by a digital terminal or customer device, the requested 

35 copyrighted material is transmitted to the relevant digital terminal or customer device via a network. 

[0039] Digital tenninals 1 04 to 1 1 0 in Figs. 5, 6A, and 68 are examples of a compatible device that obtains a data 
set forming a copyrighted material by transfer via a network from the distribution server 1 03, which Is operated by a 
record company. The network may be a wired network such as ISDN (Integrated Services Digital Network) or PStN 
(Public Switched Telephone Network), a satellite broadcast line, or one of the various types of wireless networks, such 

40 as a cellular system. The digital terminals 104 to 110 can be divided Into i<IOSK terminals 104 to 108, which are 
installed In stations, airports, music stores, convenience stores and the like, a mobile phone 1 09 that commLnioetes via 
a wireless cellular system, and a set top box (STB) 1 1 0 used for receiving satellite broadcasts. Fig. 5 shows a situation 
in which KIOSK terminals 104 to 1 08 are installed in stations or stores. Fig. 6A shows a situation in which a data set 
forming a copyrighted material is written onto the SD memory card 100 by a digital terminal, in this case the mobile 

45 phone 1 09. Fig. 6B shows a situation in which a data set forming a copyrighted material is written onto the SD memory 
card 1 00 by a digital terminal, in this case the STB 1 1 0. KIOSK terminals 1 04 to 1 08 are connected to tiie distribution 
server 103 using a dedicated fiber-optic line, and. obtain the data set via, this dedicated line. The mobile phone 109 
obtains the data set via a wireless base station and telephone exchange, and the STB 1 1 0 obtains it via a oommunfca- 
tions satellite and a fiber-optic line; 

50 [0040] Tha digital terminals shown In the drawings access the distribution server 103 to present a plurality of cop- 
yrighted materials stored on a reconjlng medium In the distribution server 1 03 to a user, and receive a purchase request 
for one of the copyrighted materials from the user. Qnce a purchase request for one of the copyrighted materials has.. 
been made by the user, a signal requesting transmission of the data set forming this copyrighted material Is transmitted 
to the distribution server 103. The digital terminal receives the transmitted data set forming the copyrighted material 

55 from tha distribution server 103, and saves ft, before recording it on the SD memory card 1 00. 

[0041] Customer devices 1 1 1 to 121 have an internalized recording medium known as local storage, and manage 
a home music library formed from copyrighted materials obtained via a network route and an SD memory route (a route 
that obtains copyrighted materials via the SD memory card 100), as well as performing playback and check-out of cop- 
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yrighted matsrials recorded on the SD memory card 100 or local storage. Fig. 7A shows various types of customer 
devices, for example personal computers (1 11 to 116) and audio systems (1 1 7 to 121), and Fig. 7B shows various types 
of SD-Audio players used to play back contents. All of the devices shown in Rg. 7A have internalized local storage and 
manage a home music library. Local storage includes a protected area and user data area, and is a recording medium 

5 that secu-'ely stores data sets formed of copyrighted materials, as shown in tie examples of Fig. 4. The following is an 
explanation of the functions performed by such consumer devices, taking a personal computer as an example. 
[0042] First, the method by which customer devices obtain copyrighted materials using the network route is 
explained. Fig. 8A shows the distribution server 103, and customer devices belonging to a plurality of users (personal 
computers 111 to 11 6), all connected to a network. Customer device 1 1 1 , like a digital terminal, can access the distri- 

10 bution server 103 via the network, and obtain one or more of a plurality of copyrighted materials, accumulating the 
obtained copyrighted materials in local storage. 

[0043] A home music library, can be constructed in local storage' by repeatedly obtaining copyrighted materials via 
the network, and check-out and check-in of each copyrighted material can be managed based on the corresponding 
Usage Rule, Figs. 8B and 8C show a situation in which the customer devtoe 1 1 1 can perform check-out and check-in 

r5 up to three times. In other words, the Usage Rule shows that check-out Is permitted, and if an upper limit is set on the 
number of check-outs, check-out can be performed until this limit Is reached. This process is performed as follows. The 
SD memory card 1 00 is connected to the customer device 111 , and if a check-out instruction is issued, encrypted data 
and plain text data are written Into the user data area 8 on the SD memory card 1 00. An encryption key corresponding 
to the copyrighted material is also written into ttie protected area 3. Then a number of check-outs is decremented. If the 

20 data set forming the copyrighted material Is recorded onto three SD memory cards 1 00, thereby causing the number of 
check-outs to be decremented to 0, the customer device 1 1 1 sets the encryption key, encrypted data, and plain text 
data stored in local storage in a state that does not permit check-out, as shown in Fig. 8C. . ' 
[0044] Here, perfomiing check-out enables a data set forming a copyrighted material to be recorded on the SD 
memory card 1 00, thereby enabling a compatible device to play back the copyrighted material when eorinected to the 

£5 SD memory card 100, but not to copy it to another recording medium. The reason for this is that the compatible device 
does not have a Usage Rule, and so cannot read the encryption key from the SD memory card 1 00 and record it onto 
Its own internalized recording medium or another recording medium. If an incompatible device attempts to read and 
record a data set from the SD memory card 100, such a device cannot access the protected area 3 (see Fig. 4A), and 
so is unable to obtain the encryption key and the Usage Rule. Therefore, in actual fact, the copyrighted, material 

30 recorded on the SD memory card 1 00 cannot be recorded onto another recording medium without the Usage Rule. This 
means that a first generation copy from the customer device onto the SD memory card 1 00 is permitted, but a second 
generation copy from the 80 memory card 100 onto another recording medium is not permitted. By preventing second 
generation copies, unlimited copying is prohibited. 

[0045] Next, the method by which customer devices obtain copyrighted material via the SD memory card route is 

36 explained. Fig. 9 shows a distribution server 1 03 included in a track distribution system relating to this embodiment, and 
a plurality of devices and playback apparatuses, when the customer device 11 1 obtains the copyrighted material via the 
SD memory card route. Processing performed by the SD memory card 100 to obtain the copyrighted materials Is as 
follows. When, as shown by arrow mvl , the Usage Rule of the copyrighted material stored on the SD memory card 1 00' 
includes Move Control Information showing that at least one move is permitted, the customer device 1 1 1 reads the data 

40 set forming the copyrighted material from the SD memory card 1 00 as shown by the arrow mv2, and records the read 
copyrighted material in internalized local storage. ' Following this, the data set forming the copyrighted material Is deleted 
from the SD memory card 100. By fetching the copyrighted material from the SD memory card 100 and then deleting 
it, the same conditions are created within the customer device 11 1 as when the copyrighted material was obtained by 
the network route. After this, the customer device can perform check-out based on information In the Usage Rule. On 

4S the other hand. If the Usage Rule of the copyrighted material recorded on the SD memory card 1 00 as shown by the 
arrow mv3 includes Move Control Infomiation showing that moves can be performed 0 times, the customer device ill 
cannot read the data set forming the copyrighted material from the SD memory card 100. The SD memory card 1 00 
can be inserted directly into SD-Audio players 122, 123 or 124 bypassing the customer device, as shown by the arrow 
msl , and played back. Copyrighted materials whose Usage Rules cannot be moved may be sold at a lower price. 

50 [0046] When the permitted number of moves in the Move Control Information has been set at 1 by the distribution 
server 103 in Fig. 9, the Usage Rule is moved between recording media with the permitted number of moves in the 
Move Control Information being reduced in the following way. 
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Permitted Number 
of Moves = 1 



SD Memory Card 

Permitted Number 
Of Moves = D 



[0047] When the permlttecl number of moves in the Move Control Information has been set at 2 by the distribution 
server 1 03, the Usage Rule Is moved between recording media with the permitted number of moves In the Move Control 
Infonnetion being reduced in the following way. 



SD Memory Card 



-> Local Storage 



Permitted Number 
of Moves =• 2 



Permitted Number 
of Moves =» 1 



Permitted Number 
of Moves = 0 



[0048] When a customer device obtains, via a network, a Usage Rule with a permitted number of moves set at 2 by 
the distribution server 1 03, the Usage Rule is moved between recording media (SD memory card 1 00, local storage) 
with the pennitted number of moves in the Move Control Information bSlng reduced in the following way. 

Network > . Local Storage > SD Memory Card 



Permitted Number 
of Moves =» 2 



Permitted Number 
of Moves =■ 1 



Permitted Number 
of Moves = 0, 



[0049] When a Usage Rule is obtained via a network with the number of pennitted moves set at 3, the Usage Rule 
can be moved from the customer device to other local storage. Copyrighted malarial can be moved via the SD memory . 
card 100, but note that moving copyrighted material directly from one local storage location to another is not permitted. 

Network > Local Storage 



Permitted Number 
of Moves « 3 



Permitted Number 
of Moves = 2 



->Local Storage 



SD Memory Card 



Permitted Number 

of Moves = 1 



Permitted Number 

of Moves = 0 



BNSDOCID: <EP_ 



EP 1 081 616 A2 



[0050] SD-Audio players 122 to 124 perform check-out to play back, using an encryption key, encrypted data 
recorded on a portable recording medium. SD-Audio player 122 is a set of headphones, SD-Aubio player 123 is a port- 
able device, and SD-Audio player 124 is a wristband device. Users can use such devices to. play back the encrypted 
5 data on the way to work or school. In one example in Rg. 9, if a data set forming a copyrighted material is moved to the 
customer device 111, the customer device 1 11 checks out the encrypted data and encryption key based on the details 
written in the Usage Rule, to, for example, three portable recording media. If the encrypted data and encryption key is 
checked out fo three portable recording media In this way, the SD-Audlo players TS2 to 1 24 can reproduce the data that 
has been checked out. 

10 [0051] This completes the explanation of the devices used in EMD. Next, the data set forming f he copyrighted mate- 
rial will be explained in detail. First, the format in which copyrighted materials are transfen-ed from the distribution server 
103 to a digital terminal, in ether words the data structure of the copyrighted material at distribution, is explained. Cop- 
yrighted materials in units such as songs are distributed in units called packages, and collections of copyrighted mate- 
rials such as music albums in units called titles, the data structure of packages and titles is. explained with reference to 

IS the example shown in Fig. 1 0. In the drawing, a title is formed from one or more packages #1 to JN. Each package Is a 
distributable file, and includes a header, a Navigation Structure, a plurality of Content Elements (CEL#1, #2. #3 and so 
on) and a Default Offer. 

[0052] The Navigation Structure is data showing the playback control procedure, indicating how each Content Ele- 
ment Is to be played back. In the example in Rg. 10, the Navigation Structure indicates that the picture object of CEL#3 

so is to be displayed when CEL#1 is played back. 

[0053] Content Elements (CEi_s) are infofmation elements which form the- copyrighted materiai, allocated In terms 
of media type. In this case the copyrighted material Is a song, and includes audio, a promotion picture that is to be dis- 
played when the song is played back and the like. A package stores. such data as different CELs according to media 
type. The third level in Fig. 10 shows example CELs. CEL#1 is MPEG-AAC stream data obtained by encoding the 

25 sound of a certain song, CEL#2 is a time search table showing data intervals in the MPEG-AAC stream of CEL#1 when 
that stream Is accessed at two-seoond intervals, and CEL#3 is JPEG still pk;ture data to be displayed as a background 
image when CEL#1 Is played back. Thus, it can be seen that information for each media type relating to a song is stored 
as an individual CEL inside a package. Of this data, the AAC stream data and the still picture data are encrypted to 
obtain copyright protection, and stored In the package as encrypted data. ■ 

30 [0054] The 'Default Offer' is information showing commercial requireirients to be applied when the copyrighted 
. materiai is sold, and includes a retail price and an encryption key for decrypting encrypted data included in the copy- 
righted material. , 

[0055] Fig. 1 1 shows the hierarchical data structure of the Default Offer. In the drawing, the Default Offer Includes 
an 'Offer Header", a 'CEL Keychain', and a 'Digital Right Management" (DRM), which is a Usage Rule indicating the 

35 rights to control recording of the copyrighted material. The internal structure of the CEL Keychain is shown within the 
broken lines Dfl , and includes a CEL Keychain Header (CKH), an attribute for the GEL Keychain CK_ATR, and CEL 
. Keys (CKs) #1 , #2, #3, #4 to #n, each used to decrypt CELs included in a same package. 
[0056] The internal structure of the DRM is shown within the broken lines Df2. The DRM includes 'Move Control 
Information' (IVIVCNTI), 'Check-Out Control Information' (COGNTI), 'Pennltted Playback Count* (PB_COUNT), and con- 

40 . tents distributer IDs 'PDDRM_FR_ID1 ' to 'PDDRM_FR_ID4'. Move Control Information indicates whether a move from 
the SD memory card 100 to local storage Is permitted when the copyrighted materiai is already recorded on the SD 
memory card 1 00. The Check-Out Control Information indicates the number of times check-out by the customer device 
is permitted when the copyrighted material is moved to local storage. 

[0057] The Permitted Playback Count indicates the conditions under which playback of the copyrighted rtiaterial is 

45 pennitted. . 

[0058] The detailed setting of the Move Control Information Is shown between broken lines py1. A setting of OOh 
indicates that a move from the SD memory card 1 00 to local storage Is not permitted, while a setting of 01 h Indteates 
that one move from the SD memory card 100 to local storage Is permitted. The digital terminal that received the pack- 
age decrements the number of pennitted moves shown by the Move Control Information by 1 , and then records the dec- 

50 remented information on the SD memory card 1 00 by the digital terminal. 

[0059] The detailed setting of the Check-Out Control Information is shown between the broken lines py2. A setting 
of 001 Indicates that check-out of the copyrighted material is permitted only once (to only one recording medium), a set- 
ting of 002 indicates that check-out of the copyrighted material Is permitted twice (to two recording media), and settings 
of 3 aind 4 indicate that check-out is permitted to three and four recording media respectively. 

55 [0060] The detailed setting of PB_COUNT is shown between the broken lines pyS. PB_COUNT includes a Play- 
back Time indicating the number of seconds counted during one playback of the copyrighted material, and a Playback 
Counter indicating the number of times that playback of the copyrighted material is permitted. 
[0081] Next,theedalastructureintowhichthedatasetformingthecopyrightedmateriallsconvertedwhenthecop- 
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yrlghted material is recorded onto the SD memory card 100 is explained. When the copyrighted material Is recorded 
onto the SD memory card 100, units such as songs are converted to a track format. A track includes an audio object 
(AOB) formed from encrypted audio data, a picture object (POB) formed from encrypted picture data, and Track infor- 
mation (TKI) for controlling track playback. All data forming the copyrighted material is managed In track units, regard- 
5 less of type. 

[0062] Collections of copyrighted materials such as music albums are converted into a format known as a track 
sequence when recorded onto the SD memory card 1 GO. A track sequence includes a plurality of tracks and a Playlist 
defining the order in which the tracks^are to be played. A data structure for managing the copyrighted material on the 
SD memory card 1 00 as tracks and a track sequence is shown in Fig. 1 2. Fig. 1 2 shows files and directories fonned in 
10 order to record the data settorming the copyrighted material. In the drawing, arrows PF1 to PF7 Indicate correspond- 
ences between each piece of data included in a package and a file in the application layer. 

[0063] The user data area 8 In Fig. 12 contains three directories; Root, SD_AUDIO, and SD.ADEXT. The 
■SD_AUDIO directory stores data compliant with the SD-Audlo Verl.O standard, and the SD_ADEXT directory data 
unique to the SD-Audio Verl ;1 standard. As a result, devices CMTlpliant with the SD-Audlo Verl .0 standard can access 
15 the SD_AUDIO directory, but not the SD_ADEXT directory, while devices compliant with the SD-Audip Ver1 .1 standard 
can access both the SD_AUDIO and SD_ADEXT directories. Note that the asterisks in the drawing represent Integers 
between 001 and 999. 

[0064] The following explanation describes each of the files in the SD_AUDIO directory in turn. As shown in Fig. 12, 
the SD_AUDIO directory includes five types of file: ■AOB*".SA1', 'POB***.SPT, 'SD_AUD10.TKI\/1', "SD_AUDI0.PLIV1', 
20 and'POBOOO.POM'. 

[00651 'A0B***.SA1 ' are files storing the AAC stream data from the plurality of cells included in a package as AOBs. 
The extension 'SA' is an abbreviation of Secure Audio, and indicates that the contents of a file require copyright protec- 
tion. 

[0066] The following is an explanation of the internal structure of an AOB file. Fig. 13 shows a hierarchical data 
25 structure of an AOB file. In the drawing, the first level shows an AOB file, and the second level shows ah AOS. The third 
level shows an AOB_BLOCK, the fourth level shows an AOB_ELElWENT, and the fifth leyels shows an AO.B_FRAM E. 
[0067] The 'AOB_FRAIVlE' in the fifth level of Fig. 13 is the smallest unit making up the AOB, and is a piece of var- 
iable-length data with a playback time of approximately 20 milliseconds. . 

[OOSiB] The 'AOB_ELEMENr in the fourth level is a piece of variable-length data with a playback time of approxi- 
30 mately 2 seconds, whose length is shown in the time search table. 

[0069] The 'AOB_BLOCK' in the third level is the valid data of the AOB excluding any invalid areas which may exist 
at the start and end of the AOB, and is specified by BIT in the TKI. 

[0070] The AOB in the second level Is a piece of data with a playback time of no more than 8,4 mlns. The reason 
for limiting the playback time of an AOB to 8.4 mlns is that the time search table is restricted to a size of no more than , 
35 504 bytes, due to the fact that the number of AOB_ELEiVIENTs included in an AOB is limited. The following describes 
in detail why limiting the playback period restricts the size of the time searcli table. 

[0071] When a playback apparatus performs a fonivard or backward search, the playback apparatus skips the read- 
ing of two seconds of audio data and then plays back 240 milliseconds. When skipping.two seconds of data, the read 
addresses of data at two second intervals can be written into tfie time search table, and referred to by ttie playback 
40 apparatus when a fonward or backward search is requested. The data size of audio data with a playback time of two 
seconds depends on the bitrate used when playing back the audio data. As stated above, a bltrate in the range of 1 6 
kbps to 144 kbps is used, so that the amount of data played back in two seconds will be between 4 KB (= 16 kbps x2/8) 
and 36 KB (= 144 kbps X 2/8). 

[0072] Since the amount of data played back in two seconds will be between 4 KB and 36 KB, the data length of 
46 each entry in the time search table for recording the data length of audio data needs to be two bytes (= 1 6 bits). This is 
becayse a 1 6-bit value is capable of expressing a number of between 0 KB and 64 KB. On the other hand, if the total 
data size of the time search table needs to be restricted to 504 bytes (this being the size of theTKTMSRT described 
later), for example, the maximum number of entries in the time search table can be calculated as 504/2 = 252. Since an 
entry, is provided every two seconds, the playback time corresponding to this maximum of 252 entries Is 504 seconds 
so (= 2s X 252), or, in other words, 8 minutes and 24 seconds {= B.4 minutes). As a result, setting the maximum playback 
period for an A0B_BLOCK at 8.4 minutes iinhits this data size of the lime search table to 504 bytes. 
[0073] Rg. 14 shows the playback content when the AOBs and AOB_BLOCKs in the AOB file are successively 
read. The first level in Rg. 14 shows the eight AOS files in the user data area 8, while the second level shows the eight 
AOBs recorded in these AOB files. The thini level shows the eight AOB_BLOCKS included in these AOBs. 
55 [0074] The fifth level shows a title made up of five packages. The five packages are the five songs Song A, Song 
B, Song C, Song D, and Song E. The broken lines AS1 to AS8 show the correspondence between the AOB_BLOCKs 
and the parts into which the album Is divided, so that the fourth leval.in Fig. 14 shows the units used to divide the album 
shown on the fifth level. . ' . ' ■ ' 
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[0075] AOB#4 has a playback time o1 8.4 minutes and is the first (or 'head!) part of the. Song D that has a playback 
time of 30.6 minutes. The AOB_BLOCKs included in A0B#5 and A0B#6 are middle parts of the Song D and also have 
playback periods of 8.4 minutes. The AOB_BLOGK included in AOB#7 is the end part of the Song D and has a playback 
period of 5.4 minates. In this way, a song that has a total playback period of 30.6 minutes Is dMded into (8.4 + 8.4 + 8.4 
5 + 5.4-minute) parts that are each included in a different AGB. As can be seen from Rg. 14, the AOB included in each 
AOS file is subjected to a maximum playback period of 8.4 minutes. Rg. 1 5 shows the eight .AOB files stored in the title 
. (album) shown in Rg. 14. ■ 

[0076] ■ 'POB***.JPG' and 'POB***.SP1' are files storing still picture data. The difference between the two types of 
file lies in the area of copyright protection. While a file POB"'.JPG simply stores still picture. data in JPEG (Joint Pho- 
10 tographics Experts Group) format, a file P0B***.SP1 stores data that is encrypted to protect the copyright of the still 
picture (the extension SP1 stands for Secure Pfcture. Indicating that copyright protection is required). 
. [0077] The file 'SD_AUDIO.TKM' contains data that has inherited the content of the package header, Navigation 
Structure, and time search table, and Includes a Track Manager, 

[0078] Rg. 16A shows a detailed hierarchical structure of .the Track Manager. In other words, logical formats posl- 
75 tioned on the right side of the drawing show the structure of logical formats positioned to their left in the drawing In more 
detail. Broken lines are .used to indicate clearly which part of the logical format on the left side Is shown In more detail 
by the logical format on the right side. If the structure of the Track Manager represented in this way in Rg. 1 6A is referred 
to, it can be seen that it is formed from n pieces of Track Information (abbreviated to TKI), #1 to #n, as shown by the 
broken lines hi . TKIs are information used to manage AOBs recorded In AOB files as tracks, and one TKI corresponds 
20 to each AOB file. 

[0079] Refen^i ng to Rg. 1 8A, it can be seen that each TKI , as shown by the broken lines h2, includes Track_General 
Infomnation (TKGI), and a Traok_Text_lnformation_Data_Area (TKTXTLDA) recording text Information unique to the 
TKI, such as an artist name, an album name, an arranger name, and a producer name, and a 
TrBck_Tlme_Search_Table (TKTMSRT) in which the playback time is restricted to 8.4 minutes. 

ss [0080] FIG. 17 shows how the TKIs in FIG. 1 6 correspond to the AOB files and AOBs in FIG. 14. The boxes on the 
first level in FIG. 1 7 show a sequence of tracks Track Ato Track E, the large frame on the second level shows the Track 
Manager, while, the third and fourth levels show the eight AOB flies given in FIG. 1 4. The. eight AOB files record the eight 
AOBs shown in FIG. 1 6, and form a music album including track A, Track B, Track C, Track D, and Track E, The second 
level shows the eight TKIs. The numbers '1 ', to '8' assigned to each TKI are the serial numbers used to identify each 

30 TKI, with.each TKI corresponding to the AOB file that has been given the same serial number, 001 ,002, and so on. With 
this in mind, it can be seen from FIG. 17 that TKI#1 corresponds to the file 'AOBOOI .SAl ', that TK1#2 corresponds to 
the file 'AOBO02.SA1 ', TK1#3 corresponds to the file 'AOBOOS-SAI ', and tKl#4 con-esponds to the file 'AOB004.SA1 '. 
The correspondence between TKIs and AOB files Is shown by the arrows TA1 to TA8 in FIG. 17. In this way, each TKI 
corresponds to a different AOB recorded in an AOB file and gives detailed information that applies only to the con-e- 

35 spending AOB. 

[0081] . The detailed structure of a TKGI is shown in Fig. 168. As shown in the drawing, a TKGI includes TKLID', 
TKIN', 'TKLBLK_ATR', TKI_LNK_PTR', 'TKI_S2', TKLPB_TM'. 'tKI_AOB_ATR', 'TKLPOB_ATR', 'TKLTII.ATR', 
TKI_TI2_ATR', 'TKLTMSRT_SA','1SRC', TKLAPP_ATR', 'BIT, and'TKI_POB_SRP'. 

[0082] An ID from which the TKI can be instantly distinguished is written in TKl^lD" (in the embodiments the ID is 
40 a 2-byte code 'A4'). 

[0083] TKi numbers in a range between 1 and 999 are written In TKIN'. 
[0084] An attrtoute for the TKI is written in TKI_BLK_ATR'. 

[0085] The following describes the settings of the TKLBLK_ATR for each TKI in the example shown in FIG. 1 7. By 
referring to the TKI_BLK_ATR of each TKI, it can be seen that since the four pairs TKI#1/AOB001.SA1, 

45 TK1#2/AOB002.SA1 , TK1#3/AOB003.SA1 , and TKI#8/AOB00B.SA1 each correspond to separate tracks, the 
TKl_BLJ<_AtR of each of tKI#1, TKI#2, TKI#3, and TKI#B is set as Track'. The TLK_BLKJ>iTR of TK1#4 is set at 
•H6ad_of_"n-ack', the TUK_BLK_ATR of TKI#7 Is set at 'End_of_Track', and the TLK_BU<_ATR of TKI#5 and TK1#6 Is 
set at ■MidpoInt_of_Track'. This means that the AOB file 'AOB004.SA1 ' con-esponding to TKI#4 Is the start of a track, 
the.AOB files 'AOBOOS.SAI ' and 'AOBOOe.SAI' corresponding to TKIfS and TKI#6 are midpoints of the.track, and the 

50 AOB file 'AOB007.SA1' corresponding to TK1#7 is the end of a track. 

[0086] TKI_BLK_ATR can be set so that combine editing, In. which any two of a plurality of tracks are combined to 
form a single track, and divide editing, In which one track is divided into a plurality of new tracks, can be easily per- 
formed. The following explains the change in TKI when two tracks are combined. 

[0087] FIGS. 1 8A and 1 8B show how the TKIs are set when two tracks are combined to produce a new track.. The 
55 example in FIG. 1 BA shows a case when the user performs an editing operation to combine Track C and Track E into a 
single track. 

[0088] In this case, the AOBs that correspond to Track G and Track E are recorded in the AOB files AOB003.SA1 
and AOBOOS.SAI Which correspond to TKI#3 and TKI#8, so that the tKI_BLK_ATRs of TK1#3 and TK1#8 are rewritten. 
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FIG. 1 8B shows the TKLBLK_ATR of these TKls after rewriting. In FIG. 1 8A. the TKI_BLK_ATRs of TKI#3 and TKI#8 
are written as Track", but in FIG. 1 8B the TKLBLK_ATR of TKI#3 is rewritten as 'Heacl_of_Track' and the TKLBLK_ATR 
of TKI#8 is rewritten as 'Encl_of_Track'. By rewriting the TKLBLK_ATRs in this way, the AOB files AOB003.SA1 and 
AOB00B.SA1 whicti correspond to TKI#3 and TKI#8 end up being treated as.parts of a single track, the new Track C. 

5 [0089] . The following is an explanation of the change in TKI when a track is divided. Figs. 19A and 190 show an 
example in which a single track is divided to produce two new tracks, in the drawing, the user Is assumed to have per- 
formed an editing operation that divides Track C into two new tracks, Track C and Track F. When Track CIs to be divided 
Into a new Track C and Track F, the AOB file 'AOB002.SA1 ' is generated corresponding to Track F. FIG. 1 9A shows that 
TKI#2 is set as 'Unused', with this TKW2 being assigned to the newly generated AOB file 'AOB002.SA1'. 

10 [0090] 'TK1_LNK_PTR' contains TKIN for a link target TKI. As shown' by arrows TL4, TL5, and TL6 in Fig. 17, the 
TKI_LNK_PTR for each of TKI#4, Tl<l#5, TKI#6, and TKI#7 corresponding to the four AOB files forrriing Track D are set • 
so as to indicate a. next TKLLNK_PTR. 

[0091] TKLSZ' Pontalns the data size of the TKI is written in byte units. 

[0092] 'TKI_PB_TM' contains the playback time of the track formed frorfi an AOB in an AGB file corresponding to 
IS the TKI. 

[0093] 'TKI_AOB_ATR' contains encoding requirements that must be followed when ah AOB is generated. These 
include the frequency at which the AOB recorded in the AOB corresponding to the TKI should be sampled, the bitrate 
at which it should be transferred, and the number of channels. 

[0094] TKLPQB ATR' contains fields in which the POB mode (sequential mode, random mode, shuffle mode). 
2o POB display, and a mode showing whether the POB is to be synchronized with the AOB file corresponding to the TKI 
(slide show mode, browsable. mode) are set. 

[0095] 'TKLTi1_ATR' and •TKLTI2_ATR' show the types of text information to be displayed together with the cop- 
yrighted material, for example IS0646; JISX0201 , IS08859, Muslq Shift JIS (Japan Industrial Standard) characters and 
the like). 

25 [0096] 'TKLTMSRT_SA' contains the start address of TMSRT . 

[0097] 'ISRC contains the ISHG (International Standard Recording Code) of the TKI. 

[0098] 'TKI_APP_ATR' contains the genre of the application stored on the SD memory card 100. This may be, for . 
example, a music type, karaoke software, or presentation data. 

[0099] ' The block information table ('BIT') manages AOB_BLOCKs; The right side of- Fig. 16B shows a detailed 
30 structure of the BIT. As shovyn in the drawing, the BIT includes a DATA_Offset field, an SZ_DATA field, a 
Fns_1st_TWlSRTE field, a Fns Xast_TMSRTE field, a Fns_Middie_TMSRTE field, and a TIIVIE_LENGTH field. Each of 
these fields Is' described in detail below: 

[0100] The relative address of the start of an AOB_Bl-OCK from the boundary between clusters Is written in the 
'DATA_Offsef as, a value given In byte units. This expresses the size of an invalid area between an AOB and the 
35 , AOB_BLOCK. As one example, when a user records a radio broadcast on the SD memory card 100 as AOBs and . 
wishes to delete an Intro part of a track over which a DJ has spoken, the DATA_Offset in the BIT can be set to have ttie 
track played back without the part including the DJ's voice. 

[01 01] 'SZ_DATA' contains the data length of an AOB_BLOCK expressed in byte units. By subtracting a value pro- 
duced by adding the SZ_DATAto the DATA_Offset from the file size (an integer multiple of the cluster size), the size of 

40 the Invalid area that follows the AOB_BLOCK can be found. In other words, when a section which does not need to be 
played back existe in the latter part of the AOB, the SZ_DATA can be adjusted to prevent this Invalid section from being 
played back. Tnus, sections at the start and end of the AOB can be deleted by operating DATA_Offset and S2_DATA. 
[0102] 'Fns_1st_TMSRTE' contains the number of AOB_FRAMEs included In the AOB_ELEMENT positioned at 
the start of . a present AOB_BLOCK. 

45 [0103] "Fns_Last_TK^SRTE' contains the number of AOB^FRAMEs included in the AOB_ELEMENT positioned at 

the end of the present AOB_BLOCK. 
. [0104] 'Fns_Mlddle_TMSRTE'containsthe numberof AOB_FRAIVIEsIncludedineachAOB_ELEMENTapartfrom , 
those at lha start and the end of the present . AOB_BL0CK, which is to say AGB_ELEMENTs in the middle of the 
AOB_BLOCK. 

so [0105] . The TIME_LENGTH' field contains the playback period of an AOB_ELEMENTis written correctto the near- . 
est millisecond. The T1ME_LENGTH' field Is 16 bits long. When the encoding method used is MPEG-ACC or MPEG- 
LayerS, the playback period of an AOB.ELEMEhfT is two seconds, so that: the value .'2000' is written In the 
TIME_LENGTH' field. . 

[0106] FIG. 20 shows the clusters 007 to OOE that store the AOB composed of ApB_ELEMENT#1 to 
55 AOB_ELEMENT#4. The following describes th^ settings in the BIT when an AOB Is stored as shown in FIG. 20. The 
AOB_ELEIViEIMTs #1 to #4 occupy. the region between mdO in cluster O07 to md4 in cluster OOE. This regions is indi- 
cated by the SZ_DATA in the BIT, as shown by arrow sdl in FiG. 20. The DATA_Offset given in the BIT gives the length 
of an unoccupied region udO, which is to say, a position value for the start of the AOB^ELEMENT#1 relative to the start 
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of cluster 007. Thus, it can be seen that the BIT manages the offset between the cluster boundary and the 

AOB_ELEMENT 

[0107] The field 'TKI_POB_SRP' indicates the POB to be displayed during the playback period of a specific AOB, 
a playback period being one of the time periods during which piaybacl< Is performed according to a playback order spec- 
s ified In u-ie Playlist information, in otfier Vifords, the Track Manager car: indicate the POB to be displayed for each tracks 
by setting the TKI_POB_SRR 

[0108] Rg. 21 shows an example of a setfing of TKLPOB_SRPs for TKI#2 to TK1*4 included in the Track fulanager. 
The first level shows the Track Manager, and the second level three POB files. The Track Manager on the first level 
includes eight TKIs. and arrows indicate which of the TKI_POB_SRPs in TKls reference the POBs. According to the 
10 reference relationships indicated by the an-ows, the TKI_POB_SRPS in TKI#2. TKI#3, and TK1#4 indicate POB001, 
POB002, and POB003 respectively The data In POB001 to POB003 is linked to Tracks B, C, and D respectively. Since 
it would be meaningless if at least one POB were not to be reproduced when each track Is played back, the 
: TKI_POB_SRP In the TKls ensure that the POBs are set so as to be reproduced during the entire time that the tracks 
are played back. , 

1S [0109] This completes the explanation of the TKGI. Next, the remaining files shown in Fig. 12 will be explained. 
[0110] The file 'SD_AUD10.PLM' contains infortnation defining the playback order of a plurality of tracks, and 
includes □efault_P!aylist_Track_Search_Polnters (■DPL_TK_SRP') #1 to #m. Fig. 22 shows correspondences between 
Default Playlist Information, TKls, and AOB files. TTie DPL_TKINs in DPL_TK_SRP #1 to #8 in the Default Playlist Infor- 
mation indicate TKls #1 to #8 respectively so that each AOB file is played back as shown by the arrows (1 ) to (8). The 

20 following explains how an editing operation to change the playback order of tracks is performed by changing the order 
of DPL_TK_SRPs in the Default Playlist. Figs. 23A and 238 illustrate a situation in which track order has been changed. 
The setting of DPL_TK_SRPs and TKls In Fig. 23A is the same as that in Fig. 22. The playback ordar In Fig. 23A is 
Track A, Track B, Track C, Track D, and Track E. In the Default Playlist Information in Fig. 23B, however, the DPL_TKINs 
for DPL TK_SRP#3 and DPL_TK_SRP#8 have been interchanged, so the playback order is Track A. Track B, Track E, 

?5 Track D, and Track C. Interchanging the order of DPl^TKINS in the Default Playlist Information in this way enables the 
track playback order to be easily changed. 

[0111] The file 'POBOOO.POM' contains control infomnatlon for each POB, such as whether a POB is indicated by 
TKGI, and if it is indicated, the number of indications. 

[0112] This completes the explanation of files included in the SD_AUDiO directory. Next, flies included in the 
30 SD_ADEXT directory are explained. The directory name 'SD_ADEXT' stands for SD-AUDIO EXTENSION, indicating 
that the directory is an extension that has been added for data compliant with the SD-Audio Verl .1 standard. 
[Oil 3] The file 'STKI***.SDr contains Secure Track Information with an internal structure as shown in Rg. 24. From 
the drawing, it can be seen that the STKl includes 256 bytes of Secure Track General Information (S_TK6I), and a 256- 
byte Secure Track Text Infonnatlon Data Area (S_TKTXTLDA). Comparison of the STKr".SDT file with TKl reveals 
35 that the TKTMSRT present In the TKl is not present in the STKl. In addition, comparison of the TKGI in the TKl and the 
STKl reveals that the TKLTMSRT_SA, and. BIT present in the TKl, have beer replaced by Free ID areas 1 to 4 
(S_TKI_FR_1D 1 to 4). S_TK1_FR_ID I to 4 are fields in.whtch ID infomiation such as IDs for individual KIOSK lemnl- 
nals, distribution formats and individual users are written. 

[Oil 4] The following explains the differences between the TKl and STKl. Unlike the TKl, the STKl is moved together 
40 with the AOB from the SD memory card 1 00 to local storage when the Usage Rule for the copyrighted material is moved 
from the SD memory card 1 00 to local storage. The STKl contains S_TKI_FR^1 D 1 to 4, and since these record 1 Ds for 
individual KIOSK terminals, distribution formats, and Individual, users, the STKl is used as a kind of proof of purchase 
for distributed content's. 

[0115] S_TKI files and AOB files have a one-to-one correspondence, files with the same three numbers in the file 
4B name being corresponding files. Fig. 25 shows the relationship between AOB files AOB001.SA1, AOB002.SA1, and 

AOB003.SA1. POB files POB001.SP1, and POB002.SP1 included in the SD J\UDIO directory on the one hand, and 

STKl flies 'STK1001 .SDT, STK1002.SDT, and STKI003.SDT included in the SD_ADEXT directory on the other hand. 

AOBS and STKIs with matching serial numbers correspond, as shown by the arrows AS1 , ASS, and ASS. POBs corre- 
• spond to STKl as indicated by the amows PS1 and PS2, this relationship being detennlned by the S_SKLPOB_SRP in 
so each S_TK1 file. In the example of Rg. 25. S_TK1_P0B_SRP In the file STKI002.SDT indicates POB001.SP1, and 

S_TK1_P0B_SRP in the file STKI003.SDT Indicates POB002,SP1. 

10116} This completes the explanation of files contained in the user data area 8. I^ext, the files contained In the pro- 
. tected area 3 are explained. The protected areas in Fig. 12 has an SD_AUD10 directory containing files 'AOBSAI.KEY' 
and 'POBSPl.KEY', and an SD_ADEXT directory containing flies 'A0BSA1.URM' and 'P0BSP1 .URM'. 
ss [0117] The file 'AOBSA1 .KEY' is an encryption key storage file recording encryption keys (Title Keys) for decrypting 
AOBs. These encryption keys each comespond to one of the plurality of GEL Keys Included in the Default Offer area of 
a package. 

[Oil 8] The file 'POBSP1 .KEY' is an encryption key storage file recording encryption keys (Title Keys) for decrypting 
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POBs. These encryption keys each correspond to one of the plurality of CEL Keys included in the Default Offer, area of 
a package. 

[Oil 9] The file 'AOBSAi ,URW1' is a usage rule storage tile recording Usage Rules corresponding to each AOB. F\g. 
26 shows the structure of the lile AOBSAI. URM. in the drawing, the file AOBSAI .URIVllncludes 'Usage RulelWanager 
5 information', that is a header section recording information such as ID information, version number, and file size, and 
Usage Rule Entries #1 to #n (in the drawing n=8). 

[0120] The file 'P0BSP1 .URM' is a usage rule storage file recording Usage Rules corresponding to each FOB on 
a one to one basis. The corresponding data is POBs rather than AOBs, but the data structure Is the same as that of the 
file A0BSA1 .URM. . ' ' . ' ' • 

fo [0121] Rg. 27 shows the correspondences between AOBSAI .KEY, AOBSAI. URN, and AOB fileiS when the 
SD_AUDiO directory has eight AOB files, eight encryption keys corresponding to these files are recorded in 
AOBSAI .KEY and eight Usage Rules corresponding to these files are recorded in AOBSAI .URiW. 
[0122] The encrypted AOB files, the encryption key storage file, and the Usage Rule storage file correspond 
according to the predetermined rules (1 ), (2), and (3) described below. 

IS 

(1) The encrypliori key storage file, and the Usage Rule storage file are arranged into a directory with the same 
directory name as the directory In which the encrypted file is stored. In FIQ. 27, AOB files are arranged into the 
SD_AUD10 directory in the user data area 8. The encryption key storage file is also arranged into the SD_AUDIO 
directory. The usage rule storage file is arranged into a directory SD_ADEXT that is a sub-directory of the 

20 SD_AUD10 directory. 

(2) The encryption key storage file and usage rule storage file are given a filename produced by combining the first 
three letters of the filename of the AOB files in the data region with one of the predetermined '.KEY' or '.URM' exten- 
sions. Figs. 28A and 28B show the correspondence between AOBSAI . KEY, AOBSAI. URIVI, and AOB files. When 
the filename of an AOB file is 'AOBOOI.SAV, the encryption key storage file is given the filename 'AOBSAI. KEY' 

25 produced by adding the first three characters 'AOB', 'SA1 ', and the extension '.KEY"; as shown by the arrows nkl 
and nk2. The usage rule storage file is given the filenaine 'AOBSAI. URM' producedby adding the first three char- 
acters 'AOS', 'SA1 ', and the extension '.URM', as shown by the arrows nk3 and nk4. 

(3) The filenames of AOB files are assigned the serial numbers '001', '002'. '003', '004', and so on, showing the 
position of the Title Key and the Usage Rule corresponding to each audio object in the sequence of encryption keys 

30 given in the encryption key storage file, and the sequence of Usage Rules given in the usage rule storage file. As 
a result, the Title Key and the Usage Rule that were used to encrypt each AOB file will be present in the 'Title Key . 
Entry and the 'Usage Rule Entry' with the same serial number. In FIG. 27, the arrows Aki , Ak2, Ak3, and Ak4 show 
the correspondence between AOB files. Title Keys, and Usage Rules. 

35 [0123] The following is an explanation of the internal structure of Title Key Entries, with reference to Fig. 29. in the 
drawing, a Title Key bniry includes a 7-byte encryption key 'EKEY', an 'Availability- Flag', and a 'Content ID'. 
[0124] The 'Availability Flag' is set at 1 when a copyrighted material exists on the SD memory card 100, and the 
corresponding Title Key Entry contains a valid encryption key, and at 0 when the copyrighted material Is moved from 
the SD memory card 1 00 to local storage. 

40 [0125J The 'Content ID' is information assigned uriiquely to each content The Availability Flag is used in combina- 
tion with the Content ID in the following way. The Content ID for an empty Title Key Entry is 0, and the Content ID for a 
Title Key Entry that is not empty, that is one that has a corresponding AOB file, Is set at between 1 and 999. Whan a . 
track and TKls (AOBs) exist in a one to many correspondence, the Content IDs in the Title Key Entries conresponding 
to the AOBs all have the same value. Meanwhile, when the track and TKI have a one to one con-espondence the Avail- 

45 ability Flag Is set at 1 , and when the track and TKI have a one to many correspondence, the Availability Flag for one of 
the plurality of Title Key Entries is set at 1. and that for the remaining Title Key Entries at 0. If the Content ID is not 0, 
and the Availability Flag set at 0, a plurality of TKls (AOBs) having the same Content ID exist, so all Title Key Entries 
having the same Content ID are detected. This means that it is possible to perfonn a search specifying a plurality of 
TKls (AOBs) corresponding to one Content ID, . - 

50 [0126] Next, Usage Rules are explained. The right half of Rg. 26 illustrates the structure of the Usage Rules. The - 
format of the Usage Rule con^sponding to each AOB Is shown here. This includes a 'C_HASH field', 'Check-Out Con- 
trol Information', 'Move Control Information', a Trigger BIf, a 'Content ID Reld', an 'Availability Flag', and an 'STI Key". 
Ae shown by the T symbol in the drawing, the structure of the encryption key EKEY shown in Fig. 29 is identical, also 
including a Content ID, an Availability Flag, and an encryption key. 

SB [0127] The lower 64 bits of a calculation result obtained by applying a Secure Hash Algorithm (SHA-1) to a con- - 
catenated (linked) Enc-STKI, Enc-STI_KEY, Enc_AOB ('Enc' indicates that the data has been encrypted) is written In 
'C^HASH field'. A hash function is a one-way function, characterized by the fact that changing even one part of the input 
value causes the ou^ut value to differ markedly. Furthermore, it is extremely difficult to deduce the output value (hash 
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value) from the Input value. The value w^ritten in the C_HASH field is used when the customer device accesses the SD 
memory card 1 00, to verify whether the Enc-STKI, the Enc-STI_KEY, and the Eno_AOB have been replaced by other 

[0128J In other words, when the SD memory card 1 00 is connected to the customer device, the customer device 
s concatenates the Enc-STKI, Enc-STi_KtY, Enc_AOB together, and applies tt-pe SHA-1 aigorithm to obtain a 64-bit 
CJriASH-Ref value, as below. The G_HASH-Ref value and the C_HASH written in the C_HASH field of the Usage Rule 
are compared. If the Enc-STKI, the Enc-ST1_KEY. and the Enc_AOB are the same as when reconded on the SD mem- 
ory card 100, the C_HASH-Ref value will be the same as the value written in the Usage Fiule, but if the Enc-STKI, the 
Enc-STLKEY, and Enc_AOB have been tampered with, or replaced by other data, the C_HASH-Ref value calculated 
10 will differ markedly from the C_HASH In the Usage Rule. The C_HASH field is included in the Usage Rule with the 
object of having the customer device perform such a chec!<. 

[0129] The 'Check-Out Control 'Information' shows the number of recording media on which the paired AOB and 
Title Key corresponding to a Usage Rule may be recorded, when the SD memory card 100 is connected to a customer 
device and the Usage Rule moved from the SD memory card 100 to local storage. 

IS [0130] The 'Move Control Infomnatlon' shows whether the movement of the right to control recording from the SD 
memory card 1 00 to local storage is permitted. If 1 1s set, only one move Is pennltted, while if 0 is set, the movement of 
rights is not permitted. The number of permitted moves shown in the Move Control Information is decremented by 1 by 
the customer device connected to the SD memory card 100 having the Usage Rule. Following this, the decremented 
number is stored in local storage by the customer device. 

20 [0131.] If the 'Trigger Bit' is set at 0, movement of rights can be judged by referring to the l^ove Control Information 
alone, while if it Is set at 1 , movement of rights is judged by referring to other information together with the IWove Control 
Information. The Trigger Bit Is provided in order to prepare for future feature expansions of the Usage Rule. In other 
words, judgement of whether a copyrighted material can be moved may need to be performed In future by referring to 
other conditions in combination with the Move Control Information. If such a requirement exists, the Trigger Bit is set at 

25 1 , and the copyrighted material can be moved provided that the conditions are satisfied and that the Move Control Infor- 
mation Is set at 1 . 

[0132] This completes the explanation of the application layer of the data. The following explanation focuses on how 
each of the files described above is moved when a copyrighted material is moved from the SD memory card 1 00 to local 
storage. 

30 [0133] Figs. 30A and 308 show how a data setformlng a copyrighted material is moved frpni the SD memory card 
1 00 to local storage. Of the files arranged in the user data area 8, an AOB file, a POB file, and an STKI file are fetched 
into the user data area in local storage, as shown by the arrows MY1 , MY2 and MY3. Following this, the AOB file, the 
POB file, and the STKI file on the SD memory card 1 00 are deleted. Meanwhile the files A0BSA1 .KEY, P0BSA1 .KEY, 
A0BSA1.URM, and P0BSP1.URM In the protected area 3 of the SD memory card 100 are fetched to the protected 

35 area in local storage, as shown by the arrows MY4, MY5, MY6 and MY7. 

[0134] Figs. 30A and SOB are based on the assumption that all the audio objects in the user data area 8 of the SD 
memory card 100 are moved to local storage. Figs. 31A and 31B, however, shov/ how flies are arranged when only 
three of the eight AOBs are moved to local storage. In Fig. 31 A, AOBs #1 to #3, Title Key Entries #1 to #3, and Usage 
Rule Entries #1 to #3 are deleted from the user data area 8 and protected area 3 on the SD memory card 100, and 

40 arranged Instead in the user data area and protected area in local storage, as shown in Figs. 31 A and 318. 

[013S] Rg. 32 shows how AOB files, POB files, and STKI files shown in Rg. 25 are moved from the SD memory 
card 10O to local storage. In the drawing, AOB001.SA1, AOB002.SA1, AOBOOS.SAI; POB001.SP1, POB002.SP1, 
STKIOOI .SOT. STKI002.SDT, and STKI003.SDT are deleted from the SD memory card 1 00, and these tiles are instead 
arranged in local storage. This completes the explanation of the structure of directories and files in the application layer. 

45 In local storage, directories have the same structure as on the SD memory card 100, but data may be converted to a 
distribution format, that is the format consisting of titles and packages shown In Fig. 1 0, and stored. The following is an 
explanation of the structure of a digital terminal. 

[0136] Fig. 33 shows the structure of a KIOSK type digital terminal. As shown In the drawing, the KIOSK temninal 
includes a released contents browser 21 for viewing a home music library composed of copyrighted materials that have 

50 been released by a record company, a touch panel 22 for receiving search requests and purchase requests for copy- 
righted materials, a communication unit 23 connected to a dedicated line such as a fiber-optic cable for transmitting and 
receiving copyrighted materials, a card connector 24 for performing input from andoutput to the SD memory card 1 00, 
a billing unit 25 for billing users by receiving cash payment using a coin vender or online payment using a cash card or 
IC card, a secure processing unit 26 for executing any required encryption and decryption when accessing the pro- 

55 tected area 3 of the SD memory card 1 00, and a sales service control unit 27 for performing combined conlroj of sales 
services in the KIOSK terminal. 

[0137] Fig. 34A shows the structure of a customer device, in this case a personal computer. The customer device 
includes a local storage 32 for recording a home music library composed of copyrighted materials that the user has pur- 
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chased from the KIOSK terminal, or downloaded via a network using the network route, a communication unit 33 con- 
nected to a public line for transmitting and receiving copyrightsd materials, a card connecter 34, here a PCMCIA 
(Personal Computer Memory Card International Association) card adapter, for performing input from and output to the 
SD memory card 1 00, a home music library browser 35 for browsing tlie home music library, an input receiving unit 36 

s for receiving user operations, a library control unit 37 for performing, according to user operations, processing for add- 
ing a new copyrighted material to the home music library in the local storage 32, and checking-out copyrighted materi- 
als included in the local storage 32 to another recording medium, and a secure processing unit 38 for executing 
encryption and decryption required when accessing the protected area 3 of the SD memory card 100. 
[0138] Next, the internal.structure of the SD-Audio players 122 to 124 is explainedwith reference to Fig. 34B. In Fig. • 

10 34B each of the SD-Audio players 1 22 to 1 24 is a PCMCIA card adapter, Including a card connecter 60 for performing 
input to and output from the SD memory card 1 00, a descrambler 61 for decrypting AOB files using a Title Key, an AAC 
data decoder 62 for decoding AOB files to obtain PCM data, a D/A converter 63 for converting the PCM data from digital 
to analog, and outputting the converted data to speakers via a headphone terminal, and a control unit 64 for performing 
combined control of processing in the SD-AudIo players 1 22 to 124. The SD-Audio players 122 to 124 play back tracks 

IS recorded on ttie SD memory card 100 by a customer device using check-out, or tracks recorded on the SD memory 
card 1 00 together with a Usage Rule that indicates whether moving is pennitted. Here, playback of copyrighted mate- 
rials is explained as being performed by the SD-Audio players 122 to 124, but the customer device may be given the 
same internal structure as that shown in Fig. 34B and perform playback of copyrighted materials itself. 
[0139] Furthermore, user operations may be received by a digital terminal or customer device lay using, instead of 

20 a touch panel, a keyboard, a trackball, a trackpad, or any combination of these. Contents may be viewed on the. 
released contents browser 21 and the home music library browser 35 via, for example, a CFfT (cathode ray tube), a 
. plasma display, or an LCD (liquid crystal display). 
[0140] The following is an explanation of the secure processing unit 26 inside the digital terminal. As shown in Fig. 
35, the secure procesang unit 26 includes an MKB processing unit 41, an ID processing unit 42, an AKE processing 

25 unit 43, a Kmu encrypting unit 44, an STl encrypting unit 45, and a Ks encrypting unlt 46. 

[0141] The MKB processing unit 41 reads an MKB stored in the system area 1 of the SD memory card 100, and a 
device toy Kd attached by the manufacturer of the digital terminal, and obtains a 56.-b!t enci-yption key Km by perform- 
ing a specific calculation using the MKB and the device key Kd, then outjsuts the encryption key Km to the ID processing ' 
unit 42. 

30 [01 42] Upon receiving the encryption key Km from the MKB processing unit 41 , the ID processing unit 42 reads a 
Media-ID from the system area 1 of the SD memory card 1 00, and performs a specific calculation to obtain a 64-bit cal- 
culation result, the lower 56-bits of which are output to the AKE processing unit 43 and the Kmu encrypting unit 44 as 
the encryption l<ey Kmu. 

[0143] The AKE processing unit 43 performs AKE processing using the encryjation key Kmu calculated by the ID 
3S processing unit 42, and the encryption key Kmu on the SD memory card 1 00. The AKE processing unit then outputs 
the 56-blt session key Ks resulting from this calculation to the Ks encrypting unit 46. 

[0144] The l<mu encrypting unit 44 randomly selects an STI_KEY (In the drawing KSTI is Indicated), encrypts this . 
STLKEY using the encryption key Kmu output from the ID processing unit 42, and outputs it to the Ks encrypting unit . 
46. The Kmu encrypting unit 44 also concatenates the Enc-STKI, the Enc-STKLKEY, and the Enc_AOB and calculates 
40 a C_HASH value by applying the algorithm SHA-1 . Upon obtaining the encrypted STLKEY and C_HASH value, the 
Krnu encrypting unit 44 writes the C_HASH value in a Usage Rule, encrypts this Usage Rule using the encryption key 
Kmu and outputs it to the Ks encrypting unit 46. 

[0145] The STl encrypting unit 45 encrypts an STKI using the STLKEY, outputs the encrypted STKI to the SD 

memory card 1 00 and writes it in the user data area B. 
45 [014S] The Ks encrypting unit 46 encrypts a paired STKI and Usage Rule using the 56-bit session key Ks output 

from the AKE processing unit 43, outputs the encrypted pair and writes it in the protected data area 3. 

[0147] This cornpletes the explanation of the structure of the secure processing unit 26 in the digital terminal. The 

following explanation deals with the structure of the secure processing unit 38 In the customer device, the internal 
■ structure of the secure processing unit 38, as shovini in Fig. 36, includes an MKB processing unit 51, an ID processing 
50 . unit 52, an AKE processing unit.53, a Ks decrypting unit 54, a Kmu decrypting unit 56, and an STl decryptlng unit 56. 

[0148] Once the customer device is connected to the SD memory card 1 00, the MKB processing unit 51 reads an 

MKB from the system area 1, and perfprms a specific calculation on the read M1<B using a device key Kd, thereby 
■ obtaining aSB-byte encryption key Km. 

[01 49] The ID processing unit 52 reads a Media-ID from the system area 1 of the connected SD memory card 1 00, 
55 performs a specific cafculation using the encryption key Km calculated by the MKB processing unit 51 and the read 

Media-ID, obtaining a 64-bit calculation result, the lower 56 bits of which it outputs to the AKE processing unit 53 and 

the Kmu decrypting unit 55 as an encryption key Kmu. 

[01 50] . The AKE processing unit 63 performs AKE processing with the AKE processing unit 43 of the SD memory 
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card 1O0, using the encryption key Kmu output from the Ks decrypting unit 54, and outputs the 56-bit calculation result 
to the Ks decrypting unit 54 as a session l<ey Ks. 

[Xi-151 j The Ks decrypting unit 54 reads an encrypted pair of Enc_STKI and Enc-Usage Rule stored in the protected 
area 3 of the SD memory card 1 00, and decrypts the encrypted pair using the 56-bit session key Ks output from the 
5 AKE processing unit 53. Then the Ks decrypting unit 64 outputs the decryption result to the Kmu decrypting unit 55. 
[0152] The Kmu decrypting unit 55 performs decrypting using the 56-bit encryption key Kmu calculated by the ID 
processing unit 52, thereby obtaining an STKI and Usage Rule pair. 

[0153] The STI decrypting unit 56 reads the Enc-STLKEY from the user data area and decrypts the read Enc-STKl 
using the STLKEY, thereby obtaining an STKI. 

10 [0154] The encryption and decryption perfomied by the secure processing units 26 and 38 is performed in Con- 
verted Cipher Block Chaining Mode (C_GBC mode). Suppose that the encrypted data Is 512 bytes. In C_CBC mode, 
each 8-byte section of this data is treated as one block, and the first 8-byte block is decrypted using a 7-byte encryption 
key Mk. The 8-byte calculation result is held as a section key, and used to decrypt the next 8-byte block, and so on. The 
512 bytes of data is decrypted In 8-byte units in this way. 

75 [0155] Furthermore, the processing sequence in which the session key Ks is shared via the AKE processing, 
encrypted data read from the SD memory card 1 00, encrypted data decrypted using the session key Ks, and then fur- 
ther decrypted using the encryption key Kmu is referred to as a secure read. This processing sequence is performed 
when a specified read command (the secure read command) is issued to the SD memory card 100 by a connected 
device. 

20 [0156] In addition, the processing sequence in which data is encrypted using the encryption key Kmu, and then 
encrypted again using the session key Ks obtained via the AKE processing, and the encrypted data transmitted Is 
referred to as a isecure write. This processing sequence is performed when a specified write command (the secure write 
command) is issued to the SD memoiy cand 1 00 by a connected device. This completes the explanation of the secure 
processing units 26 and 38. 

ss . [0157] The following is an explanation of the sales service control unit 27 and the library control unit 37, which are 
control units performing combined processing control for the digital terminal and the customer device respectively. 
[0158] The sales service control unit 27 includes ROM (read-only memory) storing an executable program written 
so as to perform combined control of the digital terminal, RAM (random access memory), and a CPU (central process- 
ing unit). The flowcharts of Figs. 37 and 38 show the procedure performed by this executable-program. The control con- 

30 tent of the sales service control unit 27 is explained with reference to these flowcharts. Whan the processing of the 
flowchart In Fig. 37 is initiated, at step SI , the sales service control unit 27 has a list. Introducing copyrighted materials 
that have been released by the record company, displayed on the screen of the released contents browser 21 , and then 
moves to the loop processing of steps S2 and S3. At step S2, the sales seryice control unit 27 determines whether a 
user has made a purchase request for a copyrighted materia! and, at step 33, detemiines whether a user has made a 

35 search request for a copyrighted material. If a search request has been made, step S3 is Yes, and processing moves 
to step S4. At step S4, the sales service control unit 27 receives a keyword input such as an artist name or song title ' 
from the user via the touch panel 22, and at step S5, searches for Information regarding copyrighted materials relating 
to the keyword from the distribution server 1 03 by accessing the distribution server 1 03 via the communloaBon unit 23. 
Then, at step S6,.the sales service control unit 27 has a viewing screen showing the copyrighted materials resulfing 

40 from the search displayed by the released content browser 21 , and then returns to the loop processing of steps 82 and 
S3. 

[0159] If a purchase request is made by the user, step S2 is Yes, and processing moves to step S7, where the sales 
service control unit 27 waits for cash payment to be made to the billing unit 25. if money is Inserted into the coin vender, 
the sales service control unit 27, at step S8, has a transmission request for a package corresponding to a selected cop- 

45 yrlghted material transmitted by the communication unit 23. Next, at step S9, the sales service control unit 27 waits for 
the package to be received, and at step SI 0, determines whether the package has been properly received. If the pack- 
age has not been properly received, processing moves to step S8, and the sales service control unit 27 has the com- 
munication unit 23 issue another transmission request If the comniunlcation unit 23 receives the package properly, the 
sales service control unit 27, at step S11, converts the package to data compRant with the SD-Audio Verl.1 standard 

50 and records it on the SD memory card 1 00. At step S1 2, the sales service control unit 27 detennines whether data has 
been property recorded on the SD memory card 1O0, and if not, gives a cash refund, at step SI 4. If data has been prop- 
erly recorded, the sales service control unit 27, at step 813, has the billing unit 25 finalize payment. Then processing 
moves to step SI , the sales service control unit 27 has an initial screen displayed by the released contents browser 21 , ' 
and moves to the loop processing of steps S2 and S3. 

55 [0160] The following is a detailed explanation of how data is converted into data compliant with the SD-Audio Verl .1 
standard at step S11, writh reference to the flowchart in Fig. 38. When recording a copyrighted material onto the SD 
memory card 1 00, the sales service control unit 27 accesses the SD_AUD10 directory in the user data area 8 of the SD 
memory card 100, reads the AOB***.SAT files, and perfonms a search to determine whether an unused file number 
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exists. If 399 A0B'".SA1 files already exist, the sales service control unit 27 displays a message Indicating that no 
more contents can be recorded, and processing ends. If the number of AOB***.SA1 files Is less than 999, the sales 
service control unit 27, at step S21 , divides AAC stream data included in the CELs of the package into a plurality of AOB 
files, and records the AOB files in the SD_AUD.iO directory/Next, at step S22, the sales service control unit 27 opens 

s the Track Manager stored in the user data area 8 of the SD memory card 1 00 and generates TKI corresponding to each 
AOB inside the Track Manager. At step S23, the sales service control unit 27 sets data based on the header and Nav- 
igation Structure Included in the package in the plurality of TKCs inside the Track Manager. Next, at step S24, it converts 
still picture data into POB files and a POM file, and records these converted files onto the SD memory card 100. At step 
S25, the sales service control unit 27 divides up a time search table, and sets it as- the TKTMSRT of corresponding 

,0 TKIs, and at step S2B. it sets DPL^TK_S RPs in the Playlist based on the Navigation Structure. This completes the set- 
ting of the data set to be arranged in the SD_AUD10 directory in the user data area 8 of the SD memory card 100. 
[0161] Next, the sales service control unit 27 moves to step S90, and determines v/hetherthe number of permitted 
moves shown in the Move Control Information of the .DRM is 0. If the number is 0, the processing of steps S27 to 833 
and S91 is skipped, and the processing moves to step S35. If the number Is 1 or more, processing moves to step S27. 

75 Next, at step 827, the sales service control unit 27 generates a plurality of STKIs based on the plurality of TKIs gener- 
ated in.the Track Manager. At step 828, the sales service control unit 27 generates a plurality of STLKEYs and uses 
the generated keys to encrypt each STKI, storing the encrypted STKIs in the SD_ADEXT directory. At step S29, the 
sales service control unit 27 performs a secure read of the Usage Rule Managerlrom the SD memory card 1 00, and at 
step 830, generates a Usage Rule corresponding to each AOB in the Usage Rule Manager. At step S91 , the sales serv- 

20 ice control unit 27 decrements the number of pennitted moves, and at step S31 , sets the decremented number of per- 
mitted moves, with the Check-Out Control Information, In each Usage Rule. At step 832, the sales servfce control unit 
27 sets the STLKEYs used to encrypt the STKIs in step 832 in the 8TLKEY field of the Usage Rules. At step S33, It 
performs a secure write of the Usage Rule Manager onto the SD memory card 100. The STKIs and the Usage Rule 
Manager are recorded by the above processing, so that data compliant with the SD-AudIo Verl.1 standard Is set on the 

2S SD memor/ card 100. 

10162] . Next, at step S35, the sales service control unit 27 performs a secure read of the Title Key Manager from the 
SD memory card 100, and at step S36, writes GEL Keys included in the CEL Keychain of the Default Offer in the Title 
Key Entry con-esponding to each AOB in AOBSA1 .KEY. At step 837, the sales service control unit 27 performs a secure 
write of the Title Key Manager, into which the CEL Keys have been written, onto the SD memory card 1 00. 
30 [0163] This completes the explanation of the sales service control unit 27 in the digital terminal. Next, the library 
control unit 37 in the customer device is explained in detail. 

[0164] The library control unit 37 includes ROM (read-only memory) storing an executable program written so as to 
petform combined control of the digital terminal, RAM (random access memory) and a CPU (central processing unit). 
The flowcharts of Figs. 39 to 41 show the procedure performed by this executable program. The control content of the 

35 library control unit 37 is explained with reference to these flowcharts. When the processing of the flowchart in Fig. 39 is 
initiated, at step S41, the library control unit 37 displays a list of tracks stored In the local storage 32, and then moves 
to the loop processing of steps 842 and 843. At step S42, tlie library control unit 37 determines whether a track move 
has been requested, and, at step S43, whether a track check-out has been requested. At step 844, the library control 
unit 37 determines whether a trade check-in has been requested, and at step 845 whether a purchase of copyrighted 

40 material from a server computer has been requested. If a request to purchase copyrighted material from the server 
computer has been made, step S45 is Yes and processing moves to step 846. At Step S46, the library control unit 37 
has a download request transmitted to the communication unit 33, and at step S47 waits to receive a package. If the 
package is received, the same processing as the processing of the flowchart of Fig. 37 performed by the digital terminal 
Is performed, and at step S4fi; the library control unit 37 stores tile received package In the local storage 32. Processing 

4S then moves to steps 842 to 846. 

[0165] . If a request to move a track from the SD rriemory card 1 0O.to the.local storage 32 is made, step 842 is Yes, 
processing moves to step S71 shown in Fig. 41, and the library corrtrol unit 37.parfonns a secure read of the Usage 
Rule Manager from the SD memory card 1 00. In the following explanation, a plurality of tracks stdred on the SD memory 
card 1 00 are each indicated by a variable #x. At step 872, the library control unit 37 writes an initial value into #x, and 

so at step 873, checks the Trigger Bit of Usage Rule#x. If the Trigger Bit Is 1 , processing is moved to the next track by mov- 
ing to stiep 879 and incrementing the variable #x. Then processing moves to step 873. if the Trigger Bit is 0, at step 874, 
the library control unit 37 checks the Move Control Information of Usage Rule#x. If the number of permitted moves 
shown In the Move Control Information Is 0, rnoving the track from the SD memory card 1 00 to local storage 32 is pro- 
hibited, so that processing Is moved to the next track by moving to step 879 and incrementing the variable #x. Then, 

55 processing moves to step S73. If the Move Control Information is 1 , processing moves to step S75. 

[0166] At step 875, the library control unit 37 concatenates Enc-STKI#x, Enc-STI_KEY#x, Enc_AOB#x, and 
obtains C_HAS|-|-Ref value #x. Then, at step S76, the library control unit 37 determines whether the value #x of the 
C_HASH-Ref is identical to C_HASH#x in the Usage Rule#x. If the two are not identical, processing moves to step S79, 
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but if they are identical, at step S80, the library control unit 37 decrements the number of pernnitted moves shown in the 
IWove Control Intomnation of the Usage Rule#x. and at step S81, perfomis a secure write of the Usage Rule#x including 
the decremented number of permitted moves, and the Check-Out Control Information to the local storage 32. Next, at 
step S77, the library control unit 37 performs a secure write oT 0 Into the Availability Flag In Usage Rule#x on the SD 

5 memory card 100 and into ttie Content !D, and performs a secure write of random numbers into the other fields of the 
Usage Rijle#x, induding ST!_KEY, thereby deleting Usage Ru!e#x from the SD memory card 100. !n addition, the 
library control unit 37 makes the TKI#x in the SD_AUDIO.TKM file invalid, and deletes all information relating to TKi#x 
from the default Playlist in the SD_AUD10.PLM file. Then, the library control unit 37 subtracts ;1 from a POB flle refsr- 
ence counter included in the file POBOOO.POM referenced by TKl#x. If the reference counter is 0 when data is moved, 

io the library control unit 37 deletes the POB file. 

[0167] Following this, at step S82, the library control unit 37 reads an AOB#x and an STKWx forming a tracl<#x from 
the user data area 8 on the SD memory card 1 00, and records the read data in the user data area of the local storage 
32. At step S83, the library control unit 37 petforms a secure read of a Title Key Entry for AOB#x from the protected 
area 3 of the SD memory card 1 00, and then performs a secure write of the read Title Key Entry into the pfotected area 

IS of the local storage 32. Thus, the data set fomning the t.rack#x is stored into the local storage 32. 

[0168] Following this, at step S78, the library control unit 37 determines whether the variable #> Is the last number 
in the Usage Rule Manager, and if it is not the last number, at step S79, Increments #x. Then processing moves to step 
S73. 

[0169] Once this processing has been repeated for ail of the Usage Rules in the Usage Rule Manager, the library 
20 control unit 37 moves all of the tracks on the SD memory card l"00 for which a move Is permitted to the local storage 
32. A large number of copyrighted materials are accumulated in the local storage 32 in the customer device when the, 
user purchases copyrighted materials from the distribution server -103 or moves copyrighted materials from the SD 
memory card 100. These accumulated copyrighted materials form a home music library. 

[0170] If a tracl< check-out is requested, step S43 is Yes, and processing moves to step. S6B in Fig. 40. At step S66, 
25 the library control unit 37 waits for the user to selecta track to be recorded onto a recording medium other than the SD 
memory card 100. Once a track is selected (the selected traol< is called track #x), at step SI 00, the library control unit 
37 reads a unique Media- ID from the SD memory card 100 connected to the customer device, searches for an unused 
Content ID, which it then assigns to the content and stores the Media-ID and Content ID for the Title Key Entry as a pair 
as check-out history information. Then, at step S49, tlie library control unit 37 performs a secure read of the Usage 
30 Rule#x corresponding to the trackttx. At step S50, the library control unit 37 determines whether the number of times 
check-out is permitted (the number of check-outs) shown in the Checl<-Out information of the Usage Rule#x is 0. If the 
number is 0, the library control unit 37 skips the processing of steps S51 to S57, and moves to the steps S42 to S46. If 
the number is not 0, however, at step 851, the library control unrt 37 records the data set forming the track #x (apart 
from the Usage Rule) onto another recording medium. When check-out is performed, data from the directory and file, 
35 structure shown in Fig. 12 compliant with the SD-Audio Verl.O is recorded on a portable recording mediumi in other 
words the files "AOB'-rSAI' , 'P0B"*.SP1', 'SD_AUD10.TKM', 'SD_AUD10.PU>fl', 'POBOOO.POM', 'A0BSA1..KEY', and 
'POBSP1 .KEY'. A track Is recorded by this process, allowing track editing, such as combining and dividing, and fonward 
and backward searches to be perfomied. 

[0171 J Next, the library control unit 37 decrements the number of check-outs, and at step S53, detemiines whether 
to the number of check-outs is 0, or 1 or more. If the number of check-outs is 0, the library control unit 37, at step S54 sets . 
the track as 'check-out not permitted' and then moves to step 855. If the number of check-outs Is 1 or more, the library 
control unit 37, at step S55, perfomis a secure write of the decremented number of check-outs to a Usage Rule in the 
local storage 32. Then, at step S56, the library control unit 37 verifies the number of check-outs in the Usage Rule, and 
at step S57 determines whether the number of check-outs has been properly written in the Usage Rule. If the number 
45 of check-outs has been properly written, processing moves to the loop processing of steps S42 to S45. 

[0172] If tlie usef requests Check-in, step 844 is Yes, and at step 81 01 , the library control unit 37 reads a Medla-ID 
unique to the SD memory card 100, and a Content ID unique to a track from the SQ memory card 100. tracks already 
having been recorded on the SD memory card 1 00. At step SI 02, the library control unit 37 compares the paired Media- 
ID and Content ID, and the Media-ID and Content ID in the Check-Out history infomnation, and at step SI 03 determines 
50 whether the tracks recorded on the SD memory card 1 00 are identical to- tracks that have already been checked out. If . 
a track is identical, in other words the same as a track that has been checked out, processing moves to step S58, but if 
the track is not identical, in other words not the same as a track that has been checked out, the library control unit 37 
moves to steps S42 to S45 Without performing check-in processing. 

[0173] As step S58, the library control unit 37 performs a secure read of a Usage Rule from the protected area of 
55 the local storage 32, and, at step S59, detemiines whether the number of check-outs in the Usage Rule is 0. If the . 
number of check-outs is 0, at step S60, the library control, unit 37 reads the data set forming the track, apart from the 
Usage Rule, to a recording medium to perform check-in, and, once the data set has been accuinu lated in the local stor- 
age 32, moves to step S92. If the number of check-outs is 1 or mors, processing moves to step S92. At step S92, the 
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library control unit 37 deletes the data set forming the track from the other recording medium. As step S61, the library 
control unit 37 increments th# number of check-outs, and at step S62, determines whether the number of check-outs 
has reached a maximum number Max. If the number of check-outs is Max, pr'ocessing moves to the loop of steps S42 
to S45, but if the number of check-outs is not Max, at step S63, It performs a secure write of the number of check-outs 
5 and, at step S84, verifies the number of check-outs. At step S65, the library control unit 37 determines whether the 
secure write of the number of check-outs was properly performed, and if so moves to the processing loop of. steps S42 
to S45. 

[0174] In the first ernbodiment management of recording of copies of copyrighted materials recorded in a KIOSK 
terminal can be performed using a personal computer, so a user who has paid the correct charge to purchase a copy- 
jo righted material from a KIOSK terminal can perform check-out and check-In of the copyrighted material using their own- 
personalcomputer. 

Sec<md Embodiment 

15 [0175] A second embodiment relates to an improvement in the SD memory card 100 thjit securely stores copy- 
righted materials, whfch allows copyrighted materials to be previewed. Fig. 42 shows the structure of directories in a 
protected area 3 and user data area 8 relating to the second embodiment When compared to the directory structure In 
Fig. 1 2, the new matter introduced in Rg. 42 is that the SD„AUDIO directory in both the protected area 3 and the user 
data area 3 has a subdirectory SD_ADPRV. RIes 'SD_ADPRV.PLM'. 'SD_ADPRV.TKM', 'P_A0B***.SA1', and 

20 'P_P0B"*.JPG/SP1 ' used to perform preview are arranged In the SD_ADPRy directory In the user data area 8. The 
files 'SD^ADPRV.PLM' and 'SD_ADPRV.TKM' have an identical data structure to the files 'SD.AUDlG.PLiyi' and 
'SD_AUDIO.TKM' in the SD-Audio, standard, and differ only in that they are arranged in a different directory. The files . 
'P.AOB'^.SAI' and •P_POB***.JPG/SP1' are arranged in a different directory and use a different encryption key for 
encryption from correspondlng files In the SD-Audio standard, but are otherwise identical. 

25 [0176] RIes- 'P_AOBSA1. KEY' and 'P^POBSPI. KEY" are arranged in the directory SDJ\DPRV in the protected. . 
area 3. The file 'P_A0BSA1. KEY' includes a plurality of Extended Title Key Entries. The data strueture of these' 
Extended Title Key Entries is shown in Fig. 43. Part ofthe data structure. in the drawing Is the same as that.forTltle Key. 
Entries, but it differs in having an additional preview fields. In the format forthe Extisnded Title Key Entries shown in Fig.. 
43, .these preview fields Include Trigger Bit', 'Preview Counter', 'Preview Threshold', and 'Check-Value Field'. 

30 [0177] The Trigger Bit' field is a flag having the same purpose as the Trigger Bit in the Usage Rules. When this flag 
Is set at 0, tills indicates that judgement of whether to preview a copyrighted material should be performed by referring 
to the pair of Preview Counter and Preview Threshold, while if the flag is set at 1 , this indicates that judgement should 
be performed by refening to other information in addition to the pair of Pt:eview Counter and Preview Threshold. 
[0178] The 'Preview Countei' field shows a number of permitted previews in a range of between 1 and 255, and Is 

35 set based on the Playback Counter in DRM of the Default Offer shown in Fig. 1 1 . 

[0179] .Th.e 'Preview Threshold' field indicates that a riumber of previews should be increased by 1 once the copy- 
righted material has been played back for a certain numbeir of seconds, and is set based on the Playback Time In the 
DRM of the Default Offer shown in Fig. 11 . 

[0180] The 'Check-Value Reld" records a character string pattern for checking. If decryption of the Extended Title 
40 Key Entries Is properly obtained In C_CBC mode, the device can obtain the character string pattern properly from this 
field, but if the Extended Title Kay Entries have been tampered with while still encrypted, the device cannot obtain the 
character string pattern from the field. The reason for this is described below. . 

[01 81 1 The decryption perfdrme.d in C_eBC mode is perfonned in 8-byte units using a 7-byte Media-ID and a sec- 
tion key Here, suppose an ill-intentioned user tampers with the Preview Counter and Preview Threshold while they are 

45 still encrypted, changing them to a different value. In this case, the section key obtained by using the section key of ttie 
8-bit block including the Preview Counter and PrevIew.Threshold will differ markedly from that which should be used. If 
decryption of a following block is performed using this section key, the calculation result finally obtained by decrypting 
the block including the character string pattern differs markedly from the character string pattern described above. In . 
, this, way, a proper character string pattern can only be decrypted when the encrypted Preview Counter and Preview 

50 Threshold are in a normal state, if the Preview Counter and Preview Threshold have been tarnpered with, a tampered • 
AOB file will be received, and the character string pattern in the Check-Value Field will be completely different.-TTius, . 
the characteristics of the- character string pattern can be used to chfeck whether the Preview Counter and Preview 
Threshold have been tampered with. 

[0182] Next, the processing performed by SD-Audio players 122 to 124 in the second embodiment is explained. 
55 The flowchart of Fi.g. 44 shows the processing performed by the control unit 64 in the SD-Audio players 122 to 124 when 
a copyrighted material is previewed using an Extended Title Key Entry shown in Fig. 43. The following.ls an explanaUon 
of the processing performed by the control unit 64 in the second embodiment, with reference to Fig. 44. 
[0183] At step S81 , the conti-ol unit 64 detemiines whether the SD memory card 1 00 is connected to the card con- 
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necter 34 and, if the answer is Yes, at step S82, displays a list of the tracks in the SD_ADPRV directory of the SD mem- 
ory card 1 00. At step S83, the control unit 64 waits for the user to select a track to be previewed. Here, the track selected 
by the user is a track #x, and at step S84, the control unit 64 performs a secure read of an Extended Title Key Entry#x 
for the track #x from the protected area 3. Following this, the control unit 64, at step S86, checks Trigger SitSx, and if 
Trigger Bit#x is 1 , ends processing without performing steps S86 to S96. Jf the Trigger Btt#x is 0, at step S86, the control 
unit S4 obtains a character string pattern by performing G_CBC mode decryption on the Extended Title Key Entry#x. At 
step S87, the control unit 64 determines whether the character string pattem Is normal. If it is abnormal, processing 
ends, but if it is normal, at step S88, the control unit 64 determines whether the Preview Counter is 0. If the Preview 
Counter is 0, processing ends, but if it Is not, the control unit 64, at step S89, sets the Title Key uf the Extended Title 
Key Entry#x in the descramblar 61 of the SD memory card 1 00. Following this, the control unit 64, at step S90, plays, 
back track#x. At step S92, the control unit 64 waits until the playback time has reached the time shown by- the Preview 
Threshold#x, and once the time has been reached, at stsp S92, decrements the Preview Counter. Next, at step S93. 
the control unit 64 determines whether the Preview Counter is 1 or mors, or 0. If it Is 1 or more, the control unit 64, at 
step S94, performs a secure write of the Preview Counter, and then, at step S95, verifies the Preview Counter. If the 
Preview Counter is 0, however, at step S96, the oontrol unit 64 deletes the Extended Title Key Entry, and at step S97, 
sets the Availability Flag at 0. 

[0184] In the second embodiment, the Preview Counter and Preview Threshold are recorded in the protected area 
3, making it difficult to tamper with them. This allows users to preview copyrighted materials, while ensuring that those 
same copyrighted materials remain properly protected. 

10185] These embodiments describe the maxirium effects that can be expected under cun-ent conditions, but the 
Invention need rot be limited to the structure described herein. The following altematlves are also possible. 

(a) The SD memory card In the first and second embodiments has a user data area 8 and a protected area 3, but 
the invention reed not be limited to this, and the entire memory area of the SD memory card 100 may be a pro- 
tected area. The SD memory card 1 00 Is used as a recording medium, but the recording medium need not be lim- 
ited to semiconductor memory such as this, and an optical disc, HQ or the like may be used provided that it has a 
protected area. 

(b) In the first and second embodiments, a single copyrighted material corresponds to a package and a collection 
of copyrighted materials such as an album con-esponds to a title, but a collection of copyrighted materials may be 
transmitted as a single package. 

(c) The following may be used as requirements when previewing tracks: date (preview can be performed until a cer- 
tain date), number of preylew days (preview can be perfomned for a certain time or a certain number of days), pre- 
view range (preview can be performed on a specified section of the track), or any combination of the abpve. 

(d) The data described as being recorded and played back in the first and second embodiments is limited to music 
arid still picture data, but such limitations need not apply. The data may be- any kind of reproduceable digital data, 
such as moving picture data, text data or any combination of the two. 

(e) The digital terminal in the first embodiment refers to the Move Control Information in the DRM and sets the Move 
Control Infomation In the Usage Rule based on the DRM, but the digital terminal may refer to other information, 
and set the Move Control Information in the Usage Rule according to other criteria. For example, the Move Control 
Information may be set by considering infomnation such as the hit chart ranking of copyrighted materials, whether 
the copyrighted material Is a new release, and the sales figures for the copyrighted material. 

(f) The. encrypted data, plain text data, encryption key, and Usage Rule written in local storage may be read, and 
determination of whetherthenumberofpennitted moves in the Usage Rule is 0, orl or mors performed, and if the 
number of permitted moves is 1 or more, the data may be stored on the SD memory card 1 00. 

(g) In the first embodiment, the. setting of the permitted number of moves on the SD memory card 1 0O.is assumed 
to be either 1 or 0, but other settings are also possible. If the permitted number of moves in the Move Control Infor- 
mation is set at 6 by the distribution server 103, the permitted number of moves shown In the Move Control Infor- 
mation is changed and the Usage Rule is moved between each of the recording media, as shown in Fig. 45. 

[0186] Although the present invention has been fully described by way of examples with reference to accompanying 
. drawings, it is to be noted that various changes and modifications will be apparent to those skilled in the art. Therefore, 
unless such changes and modifications depart from the scope of the present inyention, they should be construed as 
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being included therein. 



1. A distribution system including a distribution server for distributing a content via a network, and first and second 
receiving apparatuses for receiving thie content via tlie networic, the distribution system recording a copy of the con- 
tent onto a recording medium and supplying the content to a playback apparatus, 

the first receiving apparatus comprising: 

a first receiving unit operable to receive via the network a data set including the content and control information 
conlroliing copying of the content onto the recording medium, and hold the received data set; and 

a recording unit operable to generate authorization information showing whether moving the data set to 
another receiving apparatus is permitted, and record the content onto a distribution medium together with cor- 
responding usage rule information including (1 ) the authorization information, and (2) the control information 
included in the data set; and 

the second receiving apparatus comprising: 

a second, receiving unit operable to receive the data set from the distribution server via the network, and hold 
the received data set; 

■ a data set moving unit operable to' read authorization infonnation from the distribution medium, and (a) move 
the data set from the distribution medium to the inside of the second receiving apparatus, and (b) hold the data 
set, only when the read authorization information shows that moving the data set is permitted; and • 

a check-out unit operable to perform check-out when the data set is held by one of the second receiving unit 
and the data set moving unit, check-out performed based on the control infonnation in the held data set by gen- 
erating a copy of the content included in the held data set and recording the copy onto the recording medium, 
the copy recorded onto the recording medium being supplied to the playback apparatus. 

2. The distribution system of Claim 1 , wherein: 

the control information indicates a number of remaining check-outs; 

the check-out unit includes a connecting unit operable to connect to a recording medium, and is operable to 
record a copy of the content included in the data iset held by the data set moving unit onto the recording, 
medium when a copy of the held content Is not already recorded on the connected recording medium, and the . 
number of remaining check-outs shown by the control information held by one of the second receiving unit and 
the data set moving unit is at least one; and 

the second receiving apparatus further comprises: 

a check-in unit operable to delete, when a copy of the content is already recorded on the connected recording 
medium, the copy of the content recorded on the connected recording medium; and 

an updating unit operable to update the control information .by decrementing the number of rernaining check- 
outs when a copy of the held content is newly recorded on the recording medium, and incrementing the number 
of remaining check-outs when the copy of the held content Is deleted from the recording mediurh. ■ 

3. The distributioti system of Claim 2, wherein: 

the recording medium has an assigned unique identifier; 
the check-out unit includes: 

an allocation unit operable to allocate a unique identifier to the held contenf, the unique identifier being 
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recorded onto the recording medium with the content when checl<-out is performed; and 

a storage unit operabie to read the unique identifier for the recording medium connected to the connecting unit 
from the recording medium, and store the read recording medium identifier as a pair with the allocated content 
identifier, and 

the checl<-in unit includes: 

■ a read unit operable to read, when a copy of the content has already been recorded on a recording medium 
connected to the connecting unit, the unique idenfrfiers for the connected recording medium and the content; 

a comparing unit operable to compare the pair of Identifiers, read by the read unit with the pair of identifiers 
stored by the storage unit to determine whether the copy recorded on the connected recording medium was 
previously produced by the second recording apparatus; 

a holding unit operable to read, when the copy was previously produced by the second recording apparatus, 
the copy from the connected recording medium, hold the read copy, and then delete the copy from the record- 
ing nnedium. 

The distribution system of Claim 3, wherein, when the authorization information recorded on the distribution 
medium shows that moving the data set is not permitted, the reading unit is not operable to read the content and 
the usage rule information, and 

the playback apparatus piays back the corresponding content directly from the distribution medium, when the 
• authorization infomiation indicates that moving the data set Is not pemiitted. 

A semiconductor memory card used as a distribution medium in a distribution system, the distribution system 
including a distribution server for distributing a content via a network, a first. receiving apparatus for receh/ing the 
content via the network and recording the content onto a distribution medium, a second receiving apparatus for 
receiving the content via the distribution medium and recording a copy of the content onto a recording medium, and 
a playback apparatus for receiving the copy of the content via the recording rfiedium and playing back the received 
content, the semiconductor memory card comprising: 

a volume area, in which a content and usage rule Infomiation are recorded, the usage rule infonnation Includ- 
ing control information controlling copying of the recorded content onto' the recording medium, and authoriza- 
tion information showing whether moving the control information and the content to the second receiving 
apparatus is pennitted. 

The semiconductor memory card of Claim 5, wherein the content includes encrypted audio data and a correspond- 
ing encryption key used to encrypt the encrypted audio data, and the Volume area includes: 

a user data area that stores, the encrypted audio data and can be accessed by a device connected to the sem- 
iconductor memory car6 regardless of whether the authenticity of the device has been recognized, and 

a protected area that stores the usage rule Infonnation and the encryption key and can only be accessed by a 
device- connected to the semiconductor memory card when the authenticity of the device has been recognized. 

The semiconductor card of Claim 6, wherein the authorization infonnation shows that moving the control informa- 
tion and content is permitted by indicating a number of permitted moves. 

A first receiving apparatus in a distribution system, the distribution system including a distribution server for distrib- 
uting a content via a network, a first receiving apparatus for receiving the content via the network and recording the 
content onto a distribution medium, a second receiving apparatus for redeiving the content via the distribution 
medium and recording a copy of the content onto a recording medium, and a playback apparatus for receiving the 
copy of the content via the recording medium. and playing back the received content, and the first receiving appa- 
ratus comprising; 

a first receiving unit operable to receive via the network a data set including the content and control information 
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controlling copying of tfie content onto the recording medium, and liold the received data set; and 

a recording unit operable to generate authorization information showing whether moving the data set to 
another receiving apparatus is pennitted, and record the content onto a distribution medium together with cor- 
5 responding usage rule Information including (1) the authorization Information, and (2) the control information 

included in the data set. 

9. A receiving apparatus for receiving contents from a distribution server via the network, as well as receiving contents 
via a distribution medium, and recording copies of a received content onto a recording medium, 

the distribution medium storing contents and corresponding usage , rule Information, arid 
the usage rule Information Including control information controlling copying of a recoreled Content onto the 
recording medium, and authorization infonnation showing whether moving a data set including a paired con- 
tent and control information to the receiving apparatus is pemiitted, and 
TS the receiving apparatus comprising: . 

a receiving unit operable to receive the data set from the distribution server via the network, and hold the 
received data set; 

a data set moving unit operable to read authorization information from the distribution medium, and (a) move 
the data set from the distribution medium to the inside of the second receiving apparatus, and (b) hold the data 
so set, only when the read authorization information shows that moving the data set is pennitted; and 

a checlt-out unit operable to perform check-out when the data set is held by one of the second receiving unit 
and the data set moving unit, check-out performed based on the control Infonnation in the held dat^ set by gen- 
erating a copy of the content included In the held data set and recording the copy onto the recording medium, 
the copy recorded onto the recording medium being supplied to the playback apparatus. 

2S 

1 0. A recording medium recording a computer-readable program for having a computer perform processing as a first 
receiving apparatus in a distribution system, the distribution system including a distribution server for distributing a 
content via a network, a first receiving apparatus for receiving the content via the network and racondlngthe content 
onto a distribution medium, a second receiving apparatus for receiving the content via the distribution medium and 

30 recording a copy of the content onto a recording medium, and a playback apparatus for receiving the copy of the 
content via the recording medium and playing back the received content, and the program comprising: 

a first receiving step of receiving via the network a data set including the content and control infonnation con- 
trolling copying of the content onto the recording medium, and holding the received data set; and 

35 ■ 

a recording step of generating authorization information showing whether moving the data set to another 
receiving apparatus Is permitted, and recording the content onto a distribution medium together with corre- 
sponding usage rule Information Including (1) the' authorization infonnation, and (2) the control Information 
included in the data set. ■ 

11. A recording medium recording a computer-readable program for having a computer perfomi processing as a 
receiving apparatus for receiving contents from a distribution server via the network, as well as receiving contents 
via a distribution medium, and recording copies of a received content onto a recording medium, 

45 the distribution medium storing contents and corresponding usage rule information, 

the usage rule Information Including control infomnatlon controlling copying of a recorded content onto the 
recording medium, and autiiorization Infonnation showing whether moving a data set Including a paired con- 
tent and control information to the receiving apparatus Is permitted, and 

50 

the receiving apparatus comprising: 

a receiving step of receiving the data set from the distribution server via the network, and holding the received 
data set;- 

a data set moving. step of reading authorization information from the distribution medium, and (a) moving the 
data set from the distribution medium to the inside of the second receiving apparatus, and (b) holding the data 
set, only when the read authorization information shows that moving the data set is pennitted; and 
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a check-out-step of performing check-out when the data set is held by one of the second receiving unit and the 
data set moving unit, check-out performed based on the control Infoimatlon in the held data set by generating 
a copy of the content Included in the held data set and recording the copy onto the recording medium, the copy 
recorded onto the recording medium being supplied to the playback apparatus. 

12. A receiving method applied by a first receiving apparatus in a disfibutlGn system, the distribution system including 
a distribution server for distributing a content via a netwrork, a first receiving apparatus for receiving the content via 
the network and recording the content Onto a distribution medium, a second receiving apparatus for receiving the; 
content via the distnTaution medium and recording a copy of the content onto a. recording medium, and a playback 
10 apparatus for receiving the copy of the content via the recording medium and playing back the received content, 
and the receiving method comprising: 

a first receiving step of receiving via the network a data set including the content and control information con- 
trolling copying of the content onto the recording medium, and holding the received data set; and 
IS a recording step of generating authorization information showing whether moving the data set to another 

receiving apparatus is permitted, and recording the content onto a distribution medium together with con-e- 
sponding usage rule information including (1) the authorization infonnatlon, and (2) the control information 
Included in the data set. 

20 13. A receiving method for recording a computer-readable program for receiving contents from a distribution server via 
the network, as well as receiving contents via a distribution medium, and recording copies of a received content 
onto a recording medium, 

the distribution medium storing contents and corresponding usage rule iriformation, 
25 the usage rule information Including control information controlling copying of a recorded content onto the 

recording medium, and authorization information showing whether moving a data set Including a paired con- 
tent and control information to the receiving apparatus is permitted, and 
the receiving method comprising: 

a receiving step' of receiving the data set from the distribution server via the network, and holding the received 

a data set moving step of reading authorization information from the distribution medium, and (a) moving the 
data set from the distribution medium to the inside of the second receiving apparatus, and (b) holding the data 
set, only when the read authorization information shows that moving the data set Is permitted; and 
a check-out step of perfonning check-out when the data set is held by one of the second receiving unit and the 
35 data set moving unit, check-out performed based on the control infomiation In the held data set by generating 

a copy of the content Included in the held data set and recording the copy onto the recording medium, the copy 
recorded onto the recording medium being supplied to the playback apparatus. 
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FIG.2A 
RECORDING MEDIUM 



j«NO ENCRYPTION KEY SO DEVICE HAVING THIS 
RECORDING MEDIUM CANNOT PLAY BACK 
COPYRIGHTED MATERIAL 



FIG.2B 
RECORDING MEDIUM 



JJ^HAS AN ENCRYPTION KEY, SO DEVICE HAVING THIS 
RECORDING MEDIUM CAN PLAY BACK COPYRIGHTED 
MATERIAL 

NO USAGE RULE.SO COPYRIGHTED MATERIAL CANNOT 
BE RECORDED TO ANOTHER RECORDING MEDIUM 



^ FIG.2C 
RECORDING MEDIUM 



^HAS AN ENCRYPTION KEY. SO DEVICE HAVING THIS 
RECORDING MEDIUM CAN PLAY BACK COPYRIGHTED 
MATERIAL 

■ HAS A USAGE RULE.SO COPYRIGHTED MATERIAL 
CAN BE RECORDED ON ANOTHER RECORDING MEDIUM 
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